0

secure login

asked 2013-10-19 14:46:03 +0800

daovallec gravatar image daovallec
11 2

updated 2013-10-19 15:29:59 +0800

I have a login with zk this is my login:

<zk>
<window id="Mnos" border="normal" width="320px"
        apply="org.zkoss.bind.BindComposer"
        viewModel="@id('vm') @init('login.Login')">

    Username: <textbox value="@save(vm.username)"/>
    Password: <textbox value="@save(vm.password)" type="password" />
    <button label="submit" onClick="@command('login')" />

</window>
</zk>

And this is my model:

public class Login {

String username;
String password;

public void setUsername(String username) {
    this.username = username;
}

public void setPassword(String password) {
    this.password = password;
}


@Command
@NotifyChange({"username", "password"})
public void login() {

    Users user = UsersDAO.getUserByEmail(username);
    if(user != null && md5function.MD5(password).equals(user.getPassword())){
            Executions.sendRedirect("/mainWindow.zul");
            Sessions.getCurrent().setAttribute("sessionUser", user.getIdUser());
            boolean role = false;
            if(user.getIdRole().getTypeRole().equals("ADMINISTRATOR")){
                role=true;
            }
            Sessions.getCurrent().setAttribute("sessionRole", role);
    }else
        Messagebox.show("email or password incorrect");
}


}

The problem is that i do not have a secure login, a user can go to another page without do the login.

My login only verify if the user and the password of the user exist in the database, and i do not know how can i integrate the security to my pages.

I have two roles:

Administrator
User

And i save a sessionVariable call: sessionRole with true if the user is administrator, but, and i have in my view in some tabs if the role is true: visible = true, i do not know if it is well.

Somebody can help me?

I am reading:

http:// books.zkoss.org/wiki/ZK%20Spring%20Essentials/Working%20with%20ZK%20Spring/Working%20with%20ZK%20Spring%20Security/Add%20Page%20Based%20Security%20Using%20Authorized%20Roles

But i do not understand very well the configurations

And other examples use maven, and my project not use maven =S

delete flag offensive retag edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2013-10-20 13:59:05 +0800

Bobzk gravatar image Bobzk
428 1 5

If you don't need Spring for anything else in you application and are just trying to use if for security, have a look at Shiro instead. Easier to understand and install/setup than Spring.

Shiro Site

link publish delete flag offensive edit
0

answered 2013-10-22 02:53:10 +0800

cor3000 gravatar image cor3000
4466 2 7
ZK Team

If spring is complex for your use case, you can use the ZK if-attribute to hide certain elements based on a condition or use the Initiator listener to trigger a redirect in case a user is not authenticated or not authorized to view a page.

Check the examples on this tutorial.

link publish delete flag offensive edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

Follow
1 follower

RSS

Stats

Asked: 2013-10-19 14:46:03 +0800

Seen: 29 times

Last updated: Oct 22 '13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More