Table of Contents | style | upper-roman
---|
Stoc |
Listed below are some typical security implementations in Servoy applications.
Practical where the security will be managed by the developer of the application and does not require anyone else configuring users or permissions.
...
To allow tenant administrators or "super users" to adminstrate users, or if you are using an external authentication source, you must create custom authentication. Custom authentication will allow the developer to use a users table in the database for authentication or access an external authentication directory.
...
Info | ||
---|---|---|
| ||
When first introduced in Servoy, this method of using Login and Authenticator solutions was referred to as Enhanced Security. If you are looking for any references to this method in other resources (such as the Servoy Forum), you may try searching Enhanced Security. |
For almost every implementation of security, the solution should have an onOpen method assigned. This event is triggered right after the authentication process is complete. Some of the functions of this method in regards to security include:
The code below is an example of a typical custom login method. In this scenario, the login page contains the following form variables:
...
Code Block |
---|
function login(){ errorMessage = null; if(!userName){ errorMessage = 'Please specify a user name'; return false; } if(!password){ errorMessage = 'Please specify a password'; return false; } var tenantID = security.authenticate("myAuthenticator","getTenant",[userName]); if(tenantID){ if(security.authenticate("myAuthenticator","loginUser",[userName,password])){ return true; } else { errorMessage = "No tenant found. Please check your password"; } } errorMessage = 'Login Failed'; } |
The code below is an example of a typical authentication method.
...
Note that you have the choice of querying the database or getting an external authentication. You may also read a user groups table to create the array of groups the user has privileges with. Also not that the only thing that is returned is a true or false and that reporting errors to the user does not occur at the authenticator level.
In a fully custom security implementation, both authentication and authorization information is handled outside of Servoy built in security paradigm.
...