0

secure login

asked 2013-10-19 14:46:03 +0800

daovallec

updated 2013-10-19 15:29:59 +0800

I have a login with ZK. This is my login:

<zk>
<window id="Mnos" border="normal" width="320px"
        apply="org.zkoss.bind.BindComposer"
        viewModel="@id('vm') @init('login.Login')">

    Username: <textbox value="@save(vm.username)"/>
    Password: <textbox value="@save(vm.password)" type="password" />
    <button label="submit" onClick="@command('login')" />

</window>
</zk>

And this is my model:

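package login;

import org.zkoss.bind.annotation.Command;
import org.zkoss.bind.annotation.NotifyChange;
import org.zkoss.zk.ui.Executions;
import org.zkoss.zk.ui.Sessions;
import org.zkoss.zul.Messagebox;

// Users, UsersDAO and md5function are application classes not shown in this post.
public class Login {

    String username;
    String password;

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Command
    @NotifyChange({"username", "password"})
    public void login() {
        Users user = UsersDAO.getUserByEmail(username);
        // Compare the MD5 of the submitted password with the stored value.
        if (user != null && md5function.MD5(password).equals(user.getPassword())) {
            Executions.sendRedirect("/mainWindow.zul");
            Sessions.getCurrent().setAttribute("sessionUser", user.getIdUser());
            // sessionRole is true only for administrators.
            boolean role = false;
            if (user.getIdRole().getTypeRole().equals("ADMINISTRATOR")) {
                role = true;
            }
            Sessions.getCurrent().setAttribute("sessionRole", role);
        } else {
            Messagebox.show("email or password incorrect");
        }
    }
}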

The problem is that I do not have a secure login; a user can go to another page without doing the login.

My login only verifies whether the user and the password of the user exist in the database, and I do not know how I can integrate the security into my pages.

I have two roles:

Administrator
User

And I save a session variable called sessionRole, with true if the user is an administrator, and in my view I have, in some tabs, visible = true if the role is true. I do not know if that is right.

Can somebody help me?

I am reading:

http://books.zkoss.org/wiki/ZK%20Spring%20Essentials/Working%20with%20ZK%20Spring/Working%20with%20ZK%20Spring%20Security/Add%20Page%20Based%20Security%20Using%20Authorized%20Roles

But I do not understand the configurations very well.

And other examples use Maven, and my project does not use Maven =S


2 Answers

0

answered 2013-10-20 13:59:05 +0800

Bobzk

If you don't need Spring for anything else in your application and are just trying to use it for security, have a look at Shiro instead. Easier to understand and install/setup than Spring.

Shiro Site

0

answered 2013-10-22 02:53:10 +0800

cor3000

If Spring is complex for your use case, you can use the ZK if-attribute to hide certain elements based on a condition, or use the Initiator listener to trigger a redirect in case a user is not authenticated or not authorized to view a page.

Check the examples on this tutorial.

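The Initiator approach from the answer above, sketched against the session attributes set in the question's `Login.login()`. This is an added example, not part of the original thread or the linked tutorial; the class name `AuthInitiator` and the `/login.zul` path are assumptions.

```java
package login;

import java.util.Map;

import org.zkoss.zk.ui.Executions;
import org.zkoss.zk.ui.Page;
import org.zkoss.zk.ui.Session;
import org.zkoss.zk.ui.Sessions;
import org.zkoss.zk.ui.util.Initiator;

/**
 * Added example (hypothetical class). Declare it at the top of every protected page:
 *   <?init class="login.AuthInitiator"?>                       any logged-in user
 *   <?init class="login.AuthInitiator" arg0="ADMINISTRATOR"?>  administrators only
 */
public class AuthInitiator implements Initiator {

    // Assumption: the login page from the question is served at this path.
    private static final String LOGIN_PAGE = "/login.zul";
    // Page named in the question; logged-in non-administrators are sent back here.
    private static final String HOME_PAGE = "/mainWindow.zul";

    @Override
    public void doInit(Page page, Map<String, Object> args) throws Exception {
        Session session = Sessions.getCurrent();

        // "sessionUser" is only set by Login.login() after the password check passed.
        if (session.getAttribute("sessionUser") == null) {
            Executions.sendRedirect(LOGIN_PAGE);
            return;
        }

        // Optional role requirement passed through the <?init?> directive.
        Object required = args.get("arg0");
        if ("ADMINISTRATOR".equals(required)
                && !Boolean.TRUE.equals(session.getAttribute("sessionRole"))) {
            Executions.sendRedirect(HOME_PAGE);
        }
    }
}
```

Hiding tabs with `visible` or `if` only changes what is rendered, so any `@Command` method that performs an administrator action should repeat the `sessionRole` check on the server.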

Stats

Asked: 2013-10-19 14:46:03 +0800

Seen: 31 times

Last updated: Oct 22 '13