Announcement

Collapse
No announcement yet.
X
  • Filter
  • Time
Clear All
new posts

    Log out automatically when session expires

    I use smartGWT v4.1-p_2014-09-07/PowerEdition firefox 34.0.5

    In my entrypoint class on onModuleLoad() i perform a fetch to the loginDatasource to see if the user is logged in.

    if this is the case, i render the mainLayout layout and if not, i pop up a new LoginWindow with a simple login form.

    When the user wants to logout i destroy the mainLayout & call the onModuleLoad function.

    i would like to detect if there is a session timeout in order to perform a system logout automatically. The RPCManager.setLoginRequiredCallback, that i have placed in onModuleLoad is not detected.
    How can i achieve that?

    Thank you very much for your help!

    ----------- My onModuleLoad function--------
    Code:
        public void onModuleLoad() {
    
            KeyIdentifier debugKey = new KeyIdentifier();
            debugKey.setCtrlKey(true);
            debugKey.setKeyName("D");
    
            Page.registerKey(debugKey, new KeyCallback() {
                public void execute(String keyName) {
                    SC.showConsole();
                }
            });
    
            RPCManager.setLoginRequiredMarker("<SCRIPT>//'\\\"]]>>isc_loginRequired");
            RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {
                @Override
                public void loginRequired(int transactionNum, RPCRequest rpcRequest, RPCResponse rpcResponse) {
                    SC.say("--session expired--");
                }
            });
    
            UBICroppermainLayout.setBackgroundImage("UBICropperHeaderLogoTransparent.png");
            UBICroppermainLayout.draw();
            DSRequest dsRequestProperties = new DSRequest();
            dsRequestProperties.setOperationId("isloggedin");
            loginDataSource.fetchData(null, new DSCallback() {
    
                @Override
                public void execute(DSResponse dsResponse, Object data, DSRequest dsRequest) {
    
                    String iduser = dsResponse.getAttribute("iduser");
    
                    if (!dsResponse.getAttribute("isloggedin").equalsIgnoreCase("true")) {
                        loginWindow = new LoginWindow();
                    } else {
                        UBICroppermainLayout.setBackgroundImage("");
                        renderMainLayout(dsResponse.getAttribute("roles"), dsResponse.getAttribute("idprovincia"), dsResponse.getAttribute("username"), iduser);
                    }
                }
            }, dsRequestProperties);
    
        } //onModuleLoad

    #2
    Hi pgouvas,

    a client-only login check offers no protection at all, as a malicious user can access the IDACall with his or her own parameters.
    The LoginRequiredMarker-mechanism is shown in this additional sample: Setup Tomcat JDBCRealm.

    Best regards,
    Blama

    Comment


      #3
      Start by reading the Relogin overview in the QuickStart Guide, and read the materials linked from there as well.

      Comment

      Working...
      X