...
Listed below are some typical security implementations in Servoy applications.
...
The tenant is verified during login before actual authentication occurs.
Code Block |
---|
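/**
 * Login handler for the login form: checks that both credentials were entered,
 * resolves the tenant for the user name, then hands the password check to the
 * authenticator solution.
 *
 * Reads the `userName` and `password` variables and writes `errorMessage`
 * (cleared at the start, set on every failing path).
 *
 * @return {Boolean} true when the authenticator's loginUser call succeeds,
 *                   false on every failure path
 */
function login() {
  errorMessage = null;
  if (!userName) {
    errorMessage = 'Please specify a user name';
    return false;
  }
  if (!password) {
    errorMessage = 'Please specify a password';
    return false;
  }
  // The tenant lookup runs before any password check, so it is reachable by an
  // unauthenticated caller; its outcome must not be distinguishable in the UI.
  var tenantID = security.authenticate('myAuthenticator', 'getTenant', [userName]);
  if (tenantID && security.authenticate('myAuthenticator', 'loginUser', [userName, password])) {
    return true;
  }
  // One generic message for "unknown tenant" and "wrong password": separate
  // wording would let a caller probe which user names exist. (The original
  // set a tenant-specific message in the wrong-password branch and then
  // overwrote it here; that dead assignment is dropped.)
  errorMessage = 'Login Failed';
  // Explicit false instead of falling off the end with undefined, matching the
  // validation branches above.
  return false;
}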
|
...
The code below is an example of a typical authentication method.
Code Block |
---|
/**
 * Example authenticator method: rejects missing credentials, verifies them
 * (the verification itself is left as a placeholder below) and, on success,
 * establishes the session through security.login.
 *
 * @param user user name; also passed as the second argument to security.login
 * @param password credential to verify
 * @return false when a credential is missing or verification fails, otherwise
 *         the value returned by security.login
 */
function loginUser(user, password) {
// Reject when either value is falsy. This path returns immediately, without
// the delay applied to a failed verification further down.
if (!(user && password)) {
application.output('Unexpected credentials received', LOGGINGLEVEL.DEBUG);
return false;
}
// Placeholder: the real credential check goes here.
// NOTE(review): whichever backend is used, the result should depend only on a
// verified password (e.g. a salted hash comparison or a directory bind), never
// on the user name alone. The page does not show this part.
var authenticated = ... //either query database or use LDAP
if (authenticated) {
// user is supplied as both the first and second argument; 'group' is a
// hard-coded example group name.
var ok = security.login(user, user, ['group']) // Assume a group for each department
// NOTE(review): user is concatenated into the log line as-is. If the log sink
// is line-oriented, strip line breaks from it so an entry cannot be forged.
application.output('User ' + user + ' authenticated: ' + ok, LOGGINGLEVEL.DEBUG);
return ok;
}
application.output('User ' + user + ' could not be authenticated', LOGGINGLEVEL.DEBUG);
// Pause for 3000 ms after a failed verification to slow down repeated guessing.
// NOTE(review): a fixed delay only throttles one caller at a time; it is not a
// lockout or rate limit and does not count attempts per account or per client.
// Presumably it also holds the handling thread for the full delay (confirm).
application.sleep(3000);
return false;
}
|
...