|Re: Login with Database connection [message #1798617 is a reply to message #1798239]
||Wed, 21 November 2018 09:09
| Patrick Bänziger
Registered: September 2011
There is no working example at this time for this.
The basics you'll need to implement are as follows:
- Add a login page and necessary redirects and configuration (This should be handled in the HelloWorld app)
- Add an access controller to the front-end Servlet (UI) to authenticate what the user entered against a data source. (In several examples, this is done against a static config file). This is typically done in the UiServletFilter class, where you add additional AccessControllers. In this controller, you'll contact your backend with the credentials.
- Implement a service that performs authentication against the database or external authentication provider. This would typically be done on the backend server. Most likely, since you haven't got a user and can't call Scout services like that (without additional work), you'll implement an additional Servlet and register it in the web.xml. To do anything with the database, don't forget to create a new ServerRunContext here!
A good starting point would be this question.
As always with security matters: Please be careful with your implementation and consider security risks and OWASP best practices. Depending on your environment and deployment scenario, you might be able to delegate authentication to a webapp container or use an existing well-tested implementation.
Otherwise, the Scout SecurityUtility has many methods to help you create hashed and salted passwords, if you really need to implement it yourself.
Powered by FUDForum
. Page generated in 0.01791 seconds