Well, the login is done as down below
So there is a form, the username and password are sent to the server using rpc, on the user is checked and the password verified (BCrypt hash), and then if they match, in the onSuccess() method the user is redirected to the new Place with the username as token.
-- final String username = usernameBox.getText();final String password = passwordBox.getText();GWT.runAsync(new RunAsyncCallback() {
@Override public void onSuccess() { performUserConnection(username, password); }
@Override public void onFailure(Throwable reason) { // TODO Auto-generated method stub }});
private static void performUserConnection(String username, String password) { DOM.getElementById("loading").getStyle().setDisplay(Display.BLOCK); DBConnectionAsync rpcService = (DBConnectionAsync) GWT.create(DBConnection.class); ServiceDefTarget target = (ServiceDefTarget) rpcService; String moduleRelativeURL = GWT.getModuleBaseURL() + "DBConnectionImpl"; target.setServiceEntryPoint(moduleRelativeURL);
rpcService.authenticateUser(username, password, new AsyncCallback<User>() {
@Override public void onSuccess(User user) { DOM.getElementById("loading").getStyle().setDisplay(Display.NONE); if (user.getType().equals("User")) { String username = user.getUsername(); presenter.goTo(new UserPlace(username)); } else if (user.getType().equals("Admin")) { String username = user.getUsername(); presenter.goTo(new AdminPlace(username)); } }
@Override public void onFailure(Throwable caught) { DOM.getElementById("loading").getStyle().setDisplay(Display.NONE); DialogBox dialogBox = createDialogBox(); dialogBox.setGlassEnabled(true); dialogBox.setAnimationEnabled(true); dialogBox.center(); dialogBox.show(); }
});}So there is a form, the username and password are sent to the server using rpc, on the user is checked and the password verified (BCrypt hash), and then if they match, in the onSuccess() method the user is redirected to the new Place with the username as token.
How should I change this ?
luni, 6 iunie 2016, 14:47:47 UTC+3, Olar Andrei a scris:
luni, 6 iunie 2016, 14:47:47 UTC+3, Olar Andrei a scris:
Hello,For now my aplication (MVP) has a login page, and 2 other palces, the AdminPlace and the UserPlace.My URL looks like this:The login form consists of username and password, where the username is passed as a token to the next Place.A user can't connect if he does not know the password, but let's say I'm logged in like in the link above. If I change the Admin to Admin2 or whatever, I still can see the page content. I don't want this. How can I avoid this ?Thanks in advance
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment