Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Scout » Application with and without authentication
Application with and without authentication [message #1858018] Sat, 11 March 2023 09:34 Go to next message
Krzysztof Leja is currently offline Krzysztof LejaFriend
Messages: 55
Registered: April 2019
Member
Hi. In my scout application (java version) I would like to allow two ways of access:
- Access open to everyone with no login requirement. Then general information for everyone will be presented.
- Ability to create an account and log in. After logging in, user will have access toadditional options and information.

My questions:
1. Does the scout framework allow such a thing and how to best implement it in the code? Are there any examples of such an application?
My idea, not tested yet:
If the user chooses to log in, then my custom login window will be presented to him, and after successful authentication, information about this fact will be saved in the server-side session. It will be read in the GUI and additional functions will be made available.
2. For open access (without logging in), is it possible to somehow disable the automatic session expiration message so that it is only displayed to the logged in user?
Re: Application with and without authentication [message #1860904 is a reply to message #1858018] Thu, 07 September 2023 16:35 Go to previous message
Beat Schwarzentrub is currently offline Beat SchwarzentrubFriend
Messages: 200
Registered: November 2010
Senior Member
Krzysztof Leja wrote on Sat, 11 March 2023 09:34
1. Does the scout framework allow such a thing and how to best implement it in the code? Are there any examples of such an application


Yes, it should be possible, but it requires some work. I assume you are using Scout Classic. Each request is passed through a series of application-sepcific "access controllers". You can implement this security filter such that it succeeds without any login credentials. This technique is used by the DevleopmentAccessController to make it unecessary to log-in during development on your local machine. The Scout example apps (Widgets, Contacts) also automatically log you in as "anonymous".

See it in action: https://scout.bsi-software.com/contacts/
Source code: https://github.com/bsi-software/org.eclipse.scout.docs/tree/releases/22.0/code/contacts

It should be possible to add your own access controller that can handle both cases. You probably also have to modify the login page (e.g. by adding a "Start without login" button).

Krzysztof Leja wrote on Sat, 11 March 2023 09:34
For open access (without logging in), is it possible to somehow disable the automatic session expiration message so that it is only displayed to the logged in user?


In Scout classic, everything you see on the screen has a representation on the UI server. The states of the different windows are organized in sessions. When the session is gone, the UI can no longer react to any user actions. Therefore, we show a popup when this happens. Simply not showing the popup is usually not desirable, because all buttons, menus etc. will not work anymore.

Here are some ideas:


  • Increase the session timeout to a very large value. This has the problem that sessions last longer and the server therefore needs more memory.
  • Use ScoutJS to implement the application. In this setup, all code is written in JavaScript/TypeScript and is executed in the browser. The UI server is only necessary initially to load the JS/CSS resources. Such an application therefore never expires. Read more about Scout JS in the documentation. You can see it in action here: https://scout.bsi-software.com/jswidgets/
  • Use a static website (using any technology, or written by hand) for your non-logged-in users. You can even use it to call REST services on the Scout server. This very much depends on the kind of your application.


Regards,
Beat
Previous Topic:Extension visibility
Next Topic:ClassNotFoundException when convereting permission names from database to classes
Goto Forum:
  


Current Time: Wed Feb 21 05:17:15 GMT 2024

Powered by FUDForum. Page generated in 0.02442 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top