JSDOSession mixed authenticationModel FORM and ANON

Posted by kh-it on 14-Aug-2017 06:56

Dear,

I was testing if I could use a service without being logged on.
So I added the service (ex. name=UnAuthenticatedService) to my spring security files.
Great it was working directly when making some calls outside our application.

But then I needed to integrate it into our application....
So we have 2 parts one part that needs all services with authentication and one part without authentication.
So I was trying to create 2 JSDOSessions but can't get it to work.

I'm sure many people has integrated something like this before, because you have to show the user some content before they can log on or some content that is public.

Thx
Kind regards

Posted by egarcia on 14-Aug-2017 11:25

Hello,

Thank you for the info.

When a session is created and a catalog is loaded, the resources specified in the catalog are registered internally.

This allows you to later use syntax such as "new progress.data.JSDO({name: pResourceName});" to instantiate a JSDO without specifying the session.

However, only one resource with a given name can be used. You would get the error message "A resource named '<resourcename>' was already loaded" if a resource with the same name is found in another catalog.

Notice that in this case, because an exception is thrown, the regular processing of the catalog is stopped, i.e., additional resources listed in the catalog might have not been registered.

Depending on your needs, you could just leave the specific resource in one catalog / session. For example, if the resource needed to be anonymous, the access to this resource would always be anonymous.

Another approach, would be to logically create two resources, perhaps, two Business Entities with different names.

You could use inheritance or wrap the methods to reuse the code. This would allow you to logically access the data  anonymously then with authentication (for example if you want to do auditing).

We have a story in our backlog to allow one resource to be in more than one session, in which case you would need to qualify the name of the resource. This may be addressed in a future version.

I hope this helps.

All Replies

Posted by egarcia on 14-Aug-2017 09:00

Hello,

You should be able to use multiple services with and without authentication.

In the past, I had an application that used an anonymous service on the OEMobileDemo machine and also used Rollbase with FORM-based authentication.

> So I added the service (ex. name=UnAuthenticatedService) to my spring security files.

> Great it was working directly when making some calls outside our application.

A new service would support anonymous access by default.

Could you provide more details on the issue?

What version of OpenEdge are you using?

What changes did you do to the security files?

Do you get any error messages in the JavaScript Console?

I hope this helps.

Thank you and regards.

Posted by kh-it on 14-Aug-2017 10:59

Dear Egarcia,

Progress version 11.7.1

jsdo 4.3.1 (upgrade planned 4.4)

I added this line "/rest/UnAuthenticatedService/**","*","permitAll()" in oeablSecurity.csv for bypassing the security.

But at a certain moment we use

- new progress.data.JSDO({name: pResourceName});

I don't know how to use it with 2 JSDOSessions? Can you explain this a little bit or does he do it automatically?

But by the way the problem I had is solved in the mean while :)

The problem was that I load one service in both JSDOSessions and I think next error was indicating this:

A resource named '<resourcename>' was already loaded. I wasn't logging the fail of the promise when I did it I removed the service and now it was working.

Thank you in advance.

Posted by egarcia on 14-Aug-2017 11:25

Hello,

Thank you for the info.

When a session is created and a catalog is loaded, the resources specified in the catalog are registered internally.

This allows you to later use syntax such as "new progress.data.JSDO({name: pResourceName});" to instantiate a JSDO without specifying the session.

However, only one resource with a given name can be used. You would get the error message "A resource named '<resourcename>' was already loaded" if a resource with the same name is found in another catalog.

Notice that in this case, because an exception is thrown, the regular processing of the catalog is stopped, i.e., additional resources listed in the catalog might have not been registered.

Depending on your needs, you could just leave the specific resource in one catalog / session. For example, if the resource needed to be anonymous, the access to this resource would always be anonymous.

Another approach, would be to logically create two resources, perhaps, two Business Entities with different names.

You could use inheritance or wrap the methods to reuse the code. This would allow you to logically access the data  anonymously then with authentication (for example if you want to do auditing).

We have a story in our backlog to allow one resource to be in more than one session, in which case you would need to qualify the name of the resource. This may be addressed in a future version.

I hope this helps.

This thread is closed