Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    smartgwtee preferred login mechanism?

    Hi,

    Is there a SmartGWT Pro/EE recommended architecture for logging in? I have the following goals with this:

    1. Login via plain HTML page served via servlet (done)
    2. Setup a filter on the back-end to protect all things under the app directory. (done)
    3. When logged-in (showing the app), display the user's name on the screen (similar to how gmail shows the username in the upper right of the page). (still trying to get this)

    Is this more of a GWT issue, or has SmartGWT wrapped this up nicely? Do you recommend using cookies or Java sessions?

    Thanks.
    Tags: None
    #2
    There aren't really special concerns here for SmartGWT Pro/EE. Use Java sessions as for any Java web app; protect IDACall and other servlets as you would any servlets that return protected data.

    As far as getting the username into the page, it's common to create a DataSource for users, and fetch the user info for the currently logged in user at application startup (eg, it might be the first thing in onModuleLoad).

    Comment

      #3
      From the client side, is there a way to get the "currently logged in user"? For now, I've created a servlet on the server side that I then ask the servlet to send me back the email address for the currently logged-in user (since the servlet knows about the current logged-in context).

      I also have implemented a "logout" action using the same servlet (send a request to the servlet, have the servlet destroy the session, then on the client I redirect to my login page). This works fine, but seems a little "out of band" from the SmartGWT design.

      Thanks.

      Comment

        #4
        Create an operationBinding in which the current user is enforced as server-side criteria. Along these lines:

        Code:
        <operationBinding operationType="fetch" operationId="getCurrentUser"
         requiresAuthentication="true">
    <criteria fieldName="uid" value="$servletRequest.remoteUser"/>
</operationBinding>

        Comment

          #5
          Thanks, that's pretty interesting. Is there a document describing more in general about what you've just suggested? I'm curious to see what else can be done in similar ways and to learn exactly what this does.

          Thank you.

          Comment

            #6
            Yes, all the individual properties are doc'd in this area, interlinked with several overviews.

            Comment

              #7
              Can multiple "fetch" operationBindings be specified in the .ds.xml file? If so, how would I differentiate between them when I try query the data. I.e. I'd have a "CustomerDS" and it'd be nice to do a general "fetch" of all data, but also be able to fetch the currently-logged-in user record (as you have specified above).

              Thanks.

              Comment

                #8
                Yes, that's precisely the purpose of operationBinding.operationId, dsRequest.operationId, and component-specific properties such as ListGrid.fetchOperation.

                Comment

                  #9
                  I was looking in the wrong place for "operationId" as part of the DataSource. Thanks for the help.

                  Comment

                  Previous template Next
                  Working...
                  X