Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    Log out automatically when session expires

    I use smartGWT v4.1-p_2014-09-07/PowerEdition firefox 34.0.5

    In my entrypoint class on onModuleLoad() i perform a fetch to the loginDatasource to see if the user is logged in.

    if this is the case, i render the mainLayout layout and if not, i pop up a new LoginWindow with a simple login form.

    When the user wants to logout i destroy the mainLayout & call the onModuleLoad function.

    i would like to detect if there is a session timeout in order to perform a system logout automatically. The RPCManager.setLoginRequiredCallback, that i have placed in onModuleLoad is not detected.
    How can i achieve that?

    Thank you very much for your help!

    ----------- My onModuleLoad function--------
    Code:
        public void onModuleLoad() {

        KeyIdentifier debugKey = new KeyIdentifier();
        debugKey.setCtrlKey(true);
        debugKey.setKeyName("D");

        Page.registerKey(debugKey, new KeyCallback() {
            public void execute(String keyName) {
                SC.showConsole();
            }
        });

        RPCManager.setLoginRequiredMarker("<SCRIPT>//'\\\"]]>>isc_loginRequired");
        RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {
            @Override
            public void loginRequired(int transactionNum, RPCRequest rpcRequest, RPCResponse rpcResponse) {
                SC.say("--session expired--");
            }
        });

        UBICroppermainLayout.setBackgroundImage("UBICropperHeaderLogoTransparent.png");
        UBICroppermainLayout.draw();
        DSRequest dsRequestProperties = new DSRequest();
        dsRequestProperties.setOperationId("isloggedin");
        loginDataSource.fetchData(null, new DSCallback() {

            @Override
            public void execute(DSResponse dsResponse, Object data, DSRequest dsRequest) {

                String iduser = dsResponse.getAttribute("iduser");

                if (!dsResponse.getAttribute("isloggedin").equalsIgnoreCase("true")) {
                    loginWindow = new LoginWindow();
                } else {
                    UBICroppermainLayout.setBackgroundImage("");
                    renderMainLayout(dsResponse.getAttribute("roles"), dsResponse.getAttribute("idprovincia"), dsResponse.getAttribute("username"), iduser);
                }
            }
        }, dsRequestProperties);

    } //onModuleLoad
    Tags: None
    #2
    Hi pgouvas,

    a client-only login check offers no protection at all, as a malicious user can access the IDACall with his or her own parameters.
    The LoginRequiredMarker-mechanism is shown in this additional sample: Setup Tomcat JDBCRealm.

    Best regards,
    Blama

    Comment

      #3
      Start by reading the Relogin overview in the QuickStart Guide, and read the materials linked from there as well.

      Comment

      Previous template Next
      Working...
      X