How Exactly Do You Use security.login()?

LOGIsoft:
Also, refering to the Servoy Developer User’s Guide (the notes on pages 450 and 451), I was wondering what happens in the case where User A in module_A belongs to a Group that has Admin access, but to a limited-access Group in module_B. Since the combination of Groups spans multiple modules and the entire solution, and that if a user is in multiple groups the highest access rights will be applied to them, does this mean that User A will finally have full access to all modules, since he is defined that way in one of them? Or is the access rights promotion done on a module by module basis?

Hope this is clearly stated… :?

‘Group promotion’ is my attempt, albeit in a clumsy way, to represent the way Servoy combines and defines the actual access rights for a user. :roll:

The reason I was asking this is because we may or may not want a User with a high access level in one or more modules to have these same access rights in all modules, or even in the solution proper per se.

If that is the case, as I suspect it is, then I would rather suggest that users have their rights based on a module-by-module level, instead of a solution-wide all-encompassing higher-hierarchy combination.

Ben

Hmm, in that I am going to try to give you a clumsy :) explanation of what you -could- do although I think you already came up with this.

User/group rights add up.

So what you can do is create a group per module.
When a user logs in you can assign the group rights you want for that user and presto…

Or is this a little too simple?

These are the two notes I am referring to:

NOTE: If a user is in multiple groups, the highest access rights will be applied to them. For example, if a user is in one group that has read-only access to a field and in a second group that has full access, the user will have full access to the specified field.

NOTE: Groups with the same name that are added to a solution or the module(s) of a solution will be combined. Suppose you have added a group called “Users” in the module mod_contacts that includes 2 users: a,b. And you have added a group called “Users” to the module mod_companies with 1 user: c. When these two modules are added to the same solution, the “Users” group will contain these users: a,b,c.

Let’s say we have the following situation:

  • Ms. Jones, working in Accounting, has access to all financial information for Acme Company. [Module Finances with group ‘Accounting’ - Admin access]
  • However, she may not (obviously) need full access to Administrative Procedures. [Module AdminProc with group ‘Accounting’ - Limited access]
  • She may also have the role of aministrative assistant to one of the bosses. [Module HumanResources with group ‘BossAssist’ - Admin acces for her boss only]

How can I effectively make sure that, in this case, Ms. Jones doesn’t see everything in the Procedures module? And what about having some sort of row-level access (to prevent her from seeing stuff belonging to the other bosses, for instance)?

I’m beginning to wonder if, for anything slightly sophisticated and modular, we need to put in almost as many different groups as there are users, or at least as there are modules… :(

Ben

I’m beginning to wonder if, for anything slightly sophisticated and modular, we need to put in almost as many different groups as there are users, or at least as there are modules…

I can imagine that this assumption is a little over the top but yes, the more groups you want to differentiate for the more rules you will have to apply.
Makes sense to me…

Since version 3.5.7 I have a problem in webclient and I was wondering if the security.login() was changed in 3.5.7

Since 3.5.7 is very hard to debug, I also tried to run the application in 4.0 and I see the following happening:

I’m using a deeplink for webclient to start webclient thru a method:

http://localhost:8080/servoy-webclient/ss/s/fds_webshop/m/webshop_login/a/f7fb71a2-b8fb-4b97-9a17-087042dd642b

The method webshop_login() will at last show a loginform.
On the loginform, the user must enter username/password/language and then press a Login button
The onAction on the loginbutton is doLogin()

The doLogin() method looks like this:

function doLogin()
{
    // Some checks

   application.output('BEFORE LOGIN')

   var _ok = security.login(_servoy_username, _uid, security.getGroups().getColumnAsArray(2))

  application.output('AFTER LOGIN')

   // Some more actions
}

What I see in my login that the security.login() is being called, but it never reaches the AFTER LOGIN.
What happens is that the original deeplink is called again!
I would expect that security.login() returns true/false and continues the processing

And that causes lot of troubles in my webshop and lot of errors in the log.

Can anyone tell me something usefull about this situation?

Thanks

Martin

And also the security.logoff(), does it work like it should work.

Now I have the following coding:

var _webshop_id = globals.webshop_id

security.logout()	
globals.globis_webshop_login(_webshop_id);

I want to do a logoff, and then I call a global method that will show the login form again.

What happens now is, that after the security.logout() that the next line gives an error. See the log:

2008-10-09 12:06 http-8080-4 ERROR com.servoy.j2db.util.Debug undefined is not a function.
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug Unregistering client: 51240b06-5090-48fa-a1c8-3da0466d3313
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug no record found
2008-10-09 12:06 http-8080-4 INFO com.servoy.j2db.util.Debug shutDown

And next there is an error thrown:

TypeError: undefined is not a function. (onDisconnect; line 15)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:584)
at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:544)
at org.mozilla.javascript.NativeGlobal.typeError1(NativeGlobal.java:554)
at org.mozilla.javascript.ScriptRuntime.call(ScriptRuntime.java:1239)
at org.mozilla.javascript.gen.c1082.call(onDisconnect:15)
at com.servoy.j2db.scripting.f.executeFunction(Unknown Source)
at com.servoy.j2db.FormController.a(Unknown Source)
at com.servoy.j2db.FormController.executeFunction(Unknown Source)
at com.servoy.j2db.FormController$a.a(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.fireActionCommand(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.onEvent(Unknown Source)
at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor$1.onEvent(Unknown Source)
at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:163)
at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:293)
at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:100)
at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1171)
at org.apache.wicket.RequestCycle.step(RequestCycle.java:1248)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1349)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:387)
at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)

I want to keep full control over my application and now I can’t logout and return to my login thru a global method.

that doenst really work, because logout also closes the complete solution and after that you cant really do anything.
what you can do is

application.closeSolution(solutionname,methodname,argument)

that will close the solution but not really log you out so you just need to do that in the method (set another user)

or you can do it through an url:

application.showURL(params)
application.logout()

and that url then logs you back in.

jcompagner:
that doenst really work, because logout also closes the complete solution and after that you cant really do anything.

Was this changed in 3.5.7? I can’t remember I had same problems in 3.5.6

jcompagner:
application.showURL(params)
application.logout()

and that url then logs you back in.

Is there a way to get the URL the user used to login?

no that cant also have worked in 3.5.6
logout() if the solution needs authentication will result in a closeSolution()

But the url is lost but why do you need that?
If you just want to relogin the user cant you use the solution/method/arguments in closeSolution?

This is de coding I had:

// After logout I want to show the login form again using a global method
security.logout()
globals.showLoginForm(globals.webshop_id)

jcompagner:
logout() if the solution needs authentication will result in a closeSolution()

Does that mean that when I switch off authentication, that the call to globals.showLoginForm() will succeed?

jcompagner:
If you just want to relogin the user cant you use the solution/method/arguments in closeSolution?

When authentication is on I can’t do the coding above, but do you say that I can put the globals.showLoginForm(globals.webshop_id) in my onCloseSolution method?
Will the global variables still have their value?

when you close a solution you cant do anything
you want to show your login form again? Then first the solution has to be loaded again that doesnt happen like that

Yes if your solution doesnt need authentication we dont close the solution.

i will change the api of security.logout() so that you can give it the same kind of arguments as you can with application.closeSolution()

so with close solution you can now do:

application.closeSolution( [solutionToLoad], [method], [argument])

and i will make it so that you can call:

security.logout( [solutionToLoad], [method], [argument])

this way you can control what solution is loaded and what method with what argument is called if you want that after the logout (and the close solution that logout does)

jcompagner:
Yes if your solution doesnt need authentication we dont close the solution.

So in that case, the following code should not give an error:

security.logout()	;
globals.globis_webshop_login(_webshop_id);

Unfortunately it does, so is this a bug?

2008-10-22 13:28 	http-8080-2 	INFO 	com.servoy.j2db.util.Debug 	shutDown
2008-10-22 13:28 	http-8080-2 	ERROR 	com.servoy.j2db.util.Debug 	Throwable
TypeError: undefined is not a function. (onOK; line 100)
     at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:584)
     at org.mozilla.javascript.NativeGlobal.constructError(NativeGlobal.java:544)
     at org.mozilla.javascript.NativeGlobal.typeError1(NativeGlobal.java:554)
     at org.mozilla.javascript.ScriptRuntime.call(ScriptRuntime.java:1239)
     at org.mozilla.javascript.gen.c382.call(onOK:100)
     at com.servoy.j2db.scripting.f.executeFunction(Unknown Source)
     at com.servoy.j2db.FormController.a(Unknown Source)
     at com.servoy.j2db.FormController.executeFunction(Unknown Source)
     at com.servoy.j2db.FormController$a.a(Unknown Source)
     at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.fireActionCommand(Unknown Source)
     at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor.onEvent(Unknown Source)
     at com.servoy.j2db.server.headlessclient.dataui.WebEventExecutor$1.onEvent(Unknown Source)
     at org.apache.wicket.ajax.AjaxEventBehavior.respond(AjaxEventBehavior.java:163)
     at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:293)
     at org.apache.wicket.request.target.component.listener.BehaviorRequestTarget.processEvents(BehaviorRequestTarget.java:100)
     at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
     at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1171)
     at org.apache.wicket.RequestCycle.step(RequestCycle.java:1248)
     at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1349)
     at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
     at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:387)
     at org.apache.wicket.protocol.http.WicketServlet.doGet(WicketServlet.java:124)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581)
     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
     at java.lang.Thread.run(Unknown Source)
2008-10-22 13:28 	http-8080-2 	ERROR 	com.servoy.j2db.util.Debug 	undefined is not a function.
2008-10-22 13:28 	http-8080-2 	INFO 	com.servoy.j2db.util.Debug 	Unregistering client: e5f5b11e-33c3-4345-a0a4-ad6ad9766622
2008-10-22 13:28 	http-8080-2 	INFO 	com.servoy.j2db.util.Debug 	no record found
2008-10-22 13:28 	http-8080-2 	INFO 	com.servoy.j2db.util.Debug 	shutDown

It is the webclient only that doesn’t work like expected.
Smart client is working correct

yes the webclient did always a shutdown
i fixed that with the new code it is now insync with the smart client.

Ok I thought I became crazy

I was trying to find a workaround, but that doesn’t work either.

I tried to make the same URL as that was called:

globals.webshop_startup_url = application.getServerURL() + '/servoy-webclient/ss/s/' + application.getSolutionName() + '/m/webshop_login/a/' + _arg ;

The URL that was called was:

http://192.168.73.200:8080/servoy-webclient/ss/s/fds_webshop/m/webshop_login/a/f7fb71a2-b8fb-4b97-9a17-087042dd642b

But the result in globals.webshop_startup_url in webclient is:

http://localhost:8080/servoy-webclient/ss/s/fds_webshop/m/webshop_login/a/f7fb71a2-b8fb-4b97-9a17-087042dd642b

Looks like application.getServerURL() is not returning the correct URL. Is there a place where I must change localhost by 192.168.73.200 (or the real hostname)

I tried also in smart client. There I see client URL and not server URL.

http://192.168.73.21:8080/servoy-webclient/ss/s/fds_webshop/m/webshop_login/a/f7fb71a2-b8fb-4b97-9a17-087042dd642b

When I run smart client I see the correct URL.

try it in the webclient without the serverurl