Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    custom IDACall: how to get auth and role information

    I am using a recent nightly build. I wrote a custom IDACall service for datasource requests that works fine if I just call the super.processRequest() method - I get the debug printout so I know my class is getting used and the data is returned OK:

    Code:
    public class IDACallImpl extends IDACall {
  @Override
  public void processRequest(HttpServletRequest request,
                             HttpServletResponse response) throws ServletException, IOException {
    System.err.println("IDACallImpl.processRequest("+request+", "+response+"):\n\n");
      boolean authenticated = false;
      ...  determine if we want to override roles as set in config file  ...
      if (true) { // authenticated) {
        super.processRequest(request, response);
      }
  }
}
    The problem that I have is that I want to mix user rolls specified in a datasource configuration:

    Code:
    <DataSource ID="ACTIVATION" serverType="sql"  tableName="EDENMODEL.ACTIVATION"
            requiresAuthentication="true"
>
 ...

    <operationBindings>
      <operationBinding operationType="fetch"  requiresRole="user" />
      <operationBinding operationType="update" requiresRole="admin" />
      <operationBinding operationType="delete" requiresRole="admin" />
    </operationBindings>
    with occasional overrides on the server side. My problem is that I can't access the auth and role data I (try to!) set in a custom auth IDACall class that receives user's login and password:

    Code:
    public class AuthServiceImpl extends IDACall {
  public void processRequest(HttpServletRequest request,
                             HttpServletResponse response)
    throws ServletException, IOException {
    RPCManager rpc = new RPCManager(request, response);
  ...
    if (databaseEncryptedPassword.equals(encryptedPassword)) {
      rpc.setAuthenticated(true);  // DOES NOT SEEM TO WORK
      rpc.setUserRoles(Arrays.asList(new String[]{"admin", "user", "canCreateDrights"}));  // DOES NOT SEEM TO WORK
      rpc.send("auth:OK");
    }
  }
}
    I was hoping that when this user makes datasource requests that the roles and authentication data would be automatically used. Here is my client side code:

    Code:
     RPCManager.sendRequest(request,
   new RPCCallback() {
     public void execute(RPCResponse response,
                         Object rawData, RPCRequest request) {
    So, I can make everything work if two problems are solved:

    1. get the auth and role data saved correctly so that access to tables can be role based using the default SmartServer behavior

    2. I want access to auth and roll data in my class IDACallImpl for the rare occasions I might want to override the default behavior.

    Thanks,
    Mark
    Tags: None
    #2
    I solved this problem using different APIs.

    Comment

      #3
      Can you please help me with some code examples or some tutorials or links where I can find a proper way of using roles to secure an application?

      Thank you in advance,
      Driftdone

      Comment

        #4
        Start with the QuickStart Guide section on Declarative Security. (under Server framework) and also read the information it links to.

        Comment

        Previous template Next
        Working...
        X