Authentication

Provide custom authentication interface to login users.

Tutorial

Create a web plugin

The web plugin registers the resources needed, and creates a route the form will POST credentials.

app.registerBeforeAuthenticationJavaScript("/org/visallo/examples/authentication/plugin.js");
app.registerJavaScript("/org/visallo/examples/authentication/authentication.js", false);
app.registerJavaScriptTemplate("/org/visallo/examples/authentication/login.hbs");
app.registerCss("/org/visallo/examples/authentication/login.css");
app.registerResourceBundle("/org/visallo/examples/authentication/messages.properties");

app.post(AuthenticationHandler.LOGIN_PATH, login);

This extension deviates from others in that the authentication plugin.js is registered using registerBeforeAuthenticationJavaScript. Since all plugin JavaScript isn't loaded until after login, we need a different way to add scripts to the page earlier. Only the plugin file that registers the extension needs to be registered in this way. The actual authentication component is registered using registerJavaScript with the second parameter, includeInPage set to false, resulting in the component not being loaded on page load, but is always available to RequireJS.

Register Extension

Register the authentication extension in the plugin.js file.

define(['public/v1/api'], function(visallo) {
    'use strict';

    visallo.registry.registerExtension('org.visallo.authentication', {
        componentPath: 'org/visallo/examples/authentication/authentication'
    })
});

Create Component

Create the FlightJS authentication component.

define([
    'public/v1/api',
    'hbs!./login'
], function(
    visallo,
    template) {
    'use strict';

    return visallo.defineComponent(ExampleAuthentication);

    function ExampleAuthentication() {
        // 104 lines hidden…
    }

});

When the login request succeeds, the component triggers loginSuccess, this notifies Visallo that the application loading process should attempt to continue loading. If the session is not valid, the front-end state is undefined.

$.post('login', {
    username: $username.val(),
    password: $password.val()
}).fail(function(xhr, status, error) {
    self.submitting = false;
    if (xhr.status === 403) {
        error = i18n('org.visallo.examples.authorization.invalid');
    }
    $error.text(error);
    self.enableButton(true);
})
.done(function() {
    self.trigger('loginSuccess');
})

Login Route

The login route uses Visallo's UserRepository to create users, then prepares the session using CurrentUser.set.

public JSONObject handle(
        HttpServletRequest request,
        @Required(name = "username") String username,
        @Required(name = "password") String password
) throws Exception {
    username = username.trim();
    password = password.trim();

    if (isValid(username, password)) {
        User user = findOrCreateUser(username);
        userRepository.updateUser(user, new UserNameAuthorizationContext(username, RemoteAddressUtil.getClientIpAddr(request)));
        CurrentUser.set(request, user.getUserId(), user.getUsername());
        JSONObject json = new JSONObject();
        json.put("status", "OK");
        return json;
    } else {
        throw new VisalloAccessDeniedException("", null, null);
    }
}

More Examples

Visallo includes some default authentication plugins, including username and password, with forgotten password support.

Example Authentication Component

Example Login Route

results matching ""

    No results matching ""