User roles in GWT applications - gwt

I'm wondering if you could suggest me any way to implement "user roles" in GWT applications. I would like to implement a GWT application where users log in and are assigned "roles". Based on their role, they would be able to see and use different application areas.
Here are two possible solution I thought:
1) A possible solution could be to make an RPC call to the server during onModuleLoad. This RPC call would generate the necessary Widgets and/or place them on a panel and then return this panel to the client end.
2) Another possible solution could be to make an RPC call on login retrieving from server users roles and inspecting them to see what the user can do.
What do you think about?
Thank you very much in advance for your help!

Another way is to host your GWT app in a JSP page. Your JSP might contain a snippet of code like this
<script type="text/javascript">
var role = unescape("${role}");
</script>
Where ${role} is expression language expanded from value you computed from the associated servlet / controller and exposed to the JSP.
When your GWT app runs in the browser, the value will be filled out. Your GWT app can easily call out into JS to obtain this value from a native method call, e.g.
public native String getRole() { /*-{ return $wnd.role; }-*/;
So your module could invoke getRole(), test the value and do what it likes to hide / show elements.
Obviously your backend should also enforce the role (e.g. by storing it in the session and testing it where appropriate) since someone could run the page through a JS debugger, setting breakpoint or similar that modifies the value before it is evaluated allowing them to access things they shouldn't be accessing.

Following scenario works for me:
GWT app is behind security constraint.
On module load I make RPC call to retrieve roles from the container. I store them in main GWT module's class as static field, to make it easy for other classes to use it.
Each widget (especially menu) can use roles (e.g. call Main.getRoles()) and construct itself according to roles. I don't pass roles in constructor. Each widget knows how to behave depending on role.
If it's crucial to not only hide things but also enforce them you can use container security and check roles and rights while invoking business methods.
While using GIN you can also create singleton class to store roles retrieved during login and inject it wherever you need it.

Related

Jira calls external REST Service

My Problem: I want to introduce a new field in JIRA with status information from external REST Service (response is json).
Plan: Every Jira issue has a input field with some reference string. Behind this field there should be a panel, what should display informations from the external REST call (parsing response JSON is required).
Can someone give me some good info pages, how to tell JIRA to call external REST Service?
If you don't want to build it see:
nFeed
HTTP Feed Custom Field
If you want to build it yourself then start by following this tutorial on Creating a custom field type which is to more or less store a basic String within the database. (This would be the reference string)
You then have two options, the first is within the JiraCustomField class override the getVelocityParameters which was taken from How to call a java method from velocity Atlassian Answers question.
Then create a method (fetchValueFromWebService(String val)) that you would call that would contain code to query the REST Service based off the fields value that would be passed in from the velocity template. (E.g. $instance.fetchValueFromWebService($value))
To perform the actual web service call you can use any library you want, just see the Managing Dependencies documentation so it gets included in the plugin. (For example using the Jira Jersey version see this)
Your other option would be to within the view-basictext.vm have it use javascript and perform an AJAX to the web service by calling a function in your own JS file and dump that into a span that you have defined: (See Including Javascript and CSS resources)
<span id="webServiceValue"></span>
<script type="text/javascript">
fetchValueFromWebService($value);
</script>
You would however need to ensure that the webservice has Cross-origin resource sharing (CORS) enabled if you go the AJAX route.

CakePHP 3 allow only REST index.json and and.json (no normal views) with Auth

I've created the blog from blog tutorial, and I would to protect articles list, but I want that this be accesible across REST, I've activated json extensions.
All works well. I can add and retrieve list, but now I want to deny index and add from web and only be accesible from .json to public.
I tried with
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow('index.json');
}
But this obviously doesn't work. All webpage is login protected as is in tutorial. Web services should be accesible to Android App (code is ready and working).
Thank you!
Of course that doesn't work, the allow() methods expects valid method names, and that's all the authentication component cares about, method/action names, it doesn't matter how the action was requested.
What you are trying to do requires you to check the type of the request, and based on the results, allow the actions. Checking the request type can be done using Request::is().
See Cookbook > Request & Response Objects > Checking Request Conditions
So it might be as simple as
if ($this->request->is('json')) {
$this->Auth->allow(['index', 'add']);
}

Token is not getting a value when the form sent by email

I'm developing a basic recruitment-type website.
I have an "Apply" CustomForm attached with a contenttype("Job"), but I can't get access fields outside of the CustomForm widget. I'm trying to add the reference number or the url to the email within the workflow. Orchard shows {Content.Fields.Input-Reference} token, but it returns no value when used.
Should I overwrite the handler when the form is created or how can I access fields of other zones?
As far as I understand the question, you don't actually need to add a custom token to your module. Custom Forms module takes care of that for you and adds the tokens for fields itself. You just need to use them in the email module.
Just look for a tokens named like this:
Content.Fields.[FormContentTypeName].[FieldName]
Not that the tasks of adding custom tokens to the system and accessing them inside the workflow are particularly hard, mind you.

Why GWT URL doesn't change on an event or a service call?

I have two questions:
Q: 1
I'm currently developing a GWT app. The entry point for the app is: ImageViewer.java. I could well access it by http://127.0.0.1:8888/ImageViewer.html?gwt.codesvr=127.0.0.1:9997. I have a service called "Search" which has corresponding "Async" and "Impl"'s defined. Now, I call the service from client side, using RPC. I could call the service, obtain return value. Everything works fine.
However, I expect the application to show a behavioral change on URL. i.e. when a service is being accessed, I thought it would be reflected on the browser's URL something like: http://127.0.0.1:8888/search?gwt.codesvr=127.0.0.1:9997 as I've modified web.xml. However, this behavior is not realized. Any particular reason why this is not reflected??
Q:2
This one is a reverse of the previous ques. i.e. I have an application running. Let's say it has an entrypoint class(Imageviewer.java) and another composite class (searchClass.java) which would be loaded on the Imageviewer based on an event. This searchClass invokes the "search" service mentioned in the previous question.
I could load the "searchClass" in "Imageviewer", invoke the service, and the service also returns the value needed. Everything works fine... But,
I need something like this: by just typing this query string:
http://127.0.0.1:8888/search?value=John
I want the "searchClass" to be loaded on the "ImageViewer", call the service using the value(which is "john" in this case) and display the result. Is this possible at all?
what I've tried: I have tried to create a httpServletClass on the server and mapped it with the URL and could do the search. The search returns appropriate results. However, I want the results from the server to be displayed on the client. Remember, I'm directly using a servlet to read the URL and so there is no value being passed from client to server.
Thanks in advance.
A: 1. To change URL, the hash part, you need to set new history token in the History class. More about history management in this article.
A: 2. For the second part you could achieve it by changing the history token, for instance "http://127.0.0.1/search#value=John". The history service will trigger an event if the # part changes. You could also use the part with "?", as in your example, if you use Window.Location , but it will cause reload of the application, which would put the whole idea of using GWT in question.
RPC (AJAX) calls are done Via XHR and do not change the browser URL.
You can't (with the URL you presented). GWT apps normally run in one web page, i.e. the URL does not change (see how gmail changes browser url bar). What you can do is enable GWT history support. Then your url would be http://host/#search?value=queryu

How to create multiple login views using Zend Framework?

I'm new to ZF and need to create multiple login views for each of my 3 user types, employees, employers and admins. Should I use the indexcontroller to serve up the login for the employees and create separate controller classes to handle the employer and admin login pages? How might I utilize JQuery to direct my employer and admin users to the correct login page from the index view?
Thanks much:)
I can give you 2 options.
Modules
Split your Application into logical segments called modules, for those 3 groups each group will receive its own Module.
Each module mimics the well known standard "Application" structure:
module
Controllers
Models
etc
ACL
http://framework.zend.com/manual/en/zend.acl.html
You check which type of user is currently logged and decid via "if()" statements which view should be rendered.
Custom view rendering is done as described by "Lobo":
via
$this->_helper->viewRenderer->setRender('view-name');
If you don't have any user session data, I mean, if you absolutely do not know of which kind the user visiting your page is you simply have to serve 3 links to either a different module or different controller or to one and the same controller but passing the user type as param.
Examples:
Link to module: /modulename/controllername/actionname/
Link to certain controller: /emplyeecontroller/login
Link to general controller handling different params: /logincontroller/login/type/emplyee
There are many possible solutions to achieve your desired aim.
You have to decide which one fits the most into your project.
I would say that this is a bit to open ended to answer in a good way, but I'll try to fill in the blanks with my imagination and give you an answer. I don't use JQuery so I can't give you an answer there unfortunately.
If this is just to handle login I would guess that the logic is more or less the same (and even if it isn't the logic should be in models anyway), and you just want to change the visual appearance, so then you could use the code
$this->_helper->viewRenderer->setRender('view-name');
This code will render the view called /application/views/scripts/controller/*view-name*.phtml by default. Thus you can get whatever variable you use to distinguish the different users and give them the right view.
If there's more differences than just the visual I would probably use different actions within a loginController or something like that.
Then I would use standard indexAction (and thus the view index.phtml as default) for the normal employees, and on that page show some kind of text like "Not an employee? Go to the employers login instead". Employers are then directed to login/employer or something like that which by default will call the employerAction and use the employer view. And then you do something similar with the admin login. the controller will then look something like this
<?php
class LoginController
{
public function indexAction()
{
/*Do login stuff here*/
}
public function employerAction()
{
/*Do login stuff here*/
}
public function adminAction()
{
/*Do login stuff here*/
}
}
Lastly, if there are major differences between how the different users interact with your page, you might consider looking into modules.
You can find all this information at http://framework.zend.com/manual/en/manual.html