    Login and Security

    I've been looking for information on managing security in SmartGWT. It seems there are a number of approaches, and I'm not sure which is best to take.

    At present, we have a standard J2EE form-based logon to our application - it protects the web page which is the application itself. But within the application we need to access the details of the currently logged-on user (his username), and (although I'm not sure I've understood this correctly) it seems the simplest methods to get that information don't work (I'm thinking DataSource.get("user")).

    So is there a recommended way to handle this?

    I note when searching the forum that there are lots and lots of posts asking similar questions. It might be really helpful to put an example of logon functionality (including retrieval of information) into the showcase. Obviously a great many people are finding that the existing documentation doesn't explain the situation well enough.

    #2
    Loading user data is like loading any other data - make a DataSource for users, and fetch - return the data with the same approaches (DMI, etc) that work for any other kind of data loading. That's why there's no sample specifically of loading user data.
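
    One way to do what the reply above describes, as an added example that is not part of the original thread and not Isomorphic's own code: a server-side DMI class behind a DataSource that returns the logged-in user taken from the container's session. The DataSource ID currentUser, the class com.example.CurrentUserDMI, the field names and the role names are assumptions.

```java
package com.example; // hypothetical package

import com.isomorphic.datasource.DSRequest;
import com.isomorphic.datasource.DSResponse;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/*
 * Assumed descriptor (e.g. currentUser.ds.xml) that routes "fetch" to this class:
 *
 *   <DataSource ID="currentUser" serverType="generic" requiresAuthentication="true">
 *     <fields>
 *       <field name="username" type="text" primaryKey="true"/>
 *       <field name="roles" type="text" multiple="true"/>
 *     </fields>
 *     <serverObject lookupStyle="new" className="com.example.CurrentUserDMI"/>
 *   </DataSource>
 */
public class CurrentUserDMI {
    // Assumed role names; use the ones declared for your realm / web.xml.
    private static final String[] KNOWN_ROLES = {"admin", "user"};

    // The DMI layer supplies the DSRequest and the servlet request as declared here.
    public DSResponse fetch(DSRequest dsRequest, HttpServletRequest request) {
        DSResponse response = new DSResponse();
        // Identity comes only from the container-managed session, never from
        // client-supplied criteria in dsRequest.
        String username = request.getRemoteUser();
        if (username == null) {
            response.setStatus(DSResponse.STATUS_FAILURE);
            return response;
        }
        List<String> roles = new ArrayList<String>();
        for (String role : KNOWN_ROLES) {
            if (request.isUserInRole(role)) roles.add(role);
        }
        // Return only what the UI needs: no password hash, no session id.
        Map<String, Object> record = new LinkedHashMap<String, Object>();
        record.put("username", username);
        record.put("roles", roles);
        response.setData(record);
        return response;
    }
}
```

    The roles returned here are for display only; access decisions stay on the server, in the container's security constraints and the DataSource's access rules.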



      #3
      Originally posted by Isomorphic
      Loading user data is like loading any other data - make a DataSource for users, and fetch - return the data with the same approaches (DMI, etc) that work for any other kind of data loading. That's why there's no sample specifically of loading user data.
      And yet people continue to make posts asking about it. It's obviously not being seen as that simple by a great many users.



        #4
        There are a great many posts about some topics that are covered prominently in the QuickStart Guide, the FAQ, and the forums. So, sorry, but volume of questions just doesn't correlate with how well addressed the question is.

        Why don't you go ahead and read the QuickStart section on Authentication and try the suggested approach. At that point, we'd be interested in comments on whether something could be made more obvious.



          #5
          I, too, have problems with Login & Security or Authentication & Authorization, respectively!

          I have read the following sections in the SmartClient QuickStart Guide:
          - Authentication and Authorization
          - Relogin
          - Declarative Security

          But if I understand correctly, these sections provide hints, hooks and integration strategies for the SmartClient Framework; and no cohesive authentication and authorization engine out of the box; I conclude that the server-side SmartClient Framework has no default authentication mechanism built in ...

          It would be of great value if a stripped-down, straightforward example showed a secured SmartClient App; from what I've read in the Forums so far, many SmartClient Users rely on Spring Security; I for one would like a security solution which is already contained in SmartClient, without having to add the Spring Framework ...



            #6
            This comment stems from a misunderstanding of what authentication systems do. We're not going to re-implement Spring Security, Tomcat realms or some other J2EE authentication system - use those systems, and their docs, to set up authentication.

            Once you've followed the docs to set up the authentication system of your choice, we've made it as simple as it can possibly be to integrate it into SmartClient - see the Declarative Security section in the QuickStart. In most cases, you do nothing more than simply start declaring access control rules for operations.



              #7
              I guess I'm probably after a default integration with a J2EE authentication system already provided by SmartClient; of course with the option to easily switch to another (J2EE) authentication system; at least a recommendation for one commonplace J2EE authentication system would be fine!



                #8
                I have just discovered jGuard:
                - http://www.jguard.net/
                - jGuard is a library that provides EASY security (authentication and authorization) for Java web applications.
                - It is built over the stable and mature JAAS framework, which is part of the JAVA J2SE api
                - jGuard is very flexible and allows several different ways to configure those mechanisms for authentication and authorization, i.e., in a relational database, XML files, or LDAP service.

                I bet many SmartClient users would be very happy if Isomorphic provided integration with jGuard out of the box! If it is possible at all and does make sense ...

                Being currently neither proficient with Security nor with SmartClient/Java, this jGuard integration task cannot be best tackled by myself ...



                  #9
                  Have you read the docs? SmartClient is already pre-integrated with any JAAS or other J2EE security solution that makes servletRequest.getUserRole() work.



                    #10
                    I have just discovered the "Secure Application Example" (smartclientSDK\examples\secureApp); and I have played around with it. I can log in using the preconfigured user 'john.smith@isomorphic.com'; but I cannot register new users which I have created before on the administration page ...

                    Several questions:
                    - Is this example meant to be a fully-fledged, self-contained security example? That should completely work right out of the box?
                    - What must I do in order to be able to register new users?
                    - Can one leverage this example for securing Real-World SmartClient Apps? On a grand scale?
