Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

ExtJS and page authorization (server-side)

Tags:

extjs

extjs4

I'm looking for information on how to implement secure pages using ExtJS 4. By secure pages I mean the user will log into our website using Siteminder (SSO) and so we will have the user's identity. Then we would determine what roles the user would have by making a database/LDAP call and only render those views/components that the user has access to.

Several questions come to mind:

1.) Of course I would expect we would do the authorization check prior to rendering the pages on the server-side, so how do you do this prior to firing Ext.onReady()? I need to have the ExtJS wait for the response from the server?

2.) What is the best way to organize a page's components where the case may be someone could see a particular component and another person cannot?

3.) How do I deliver the resulting page (i.e., the pieces the user has access to) to the client?

TIA!

like image 410
occasl Avatar asked Feb 24 '12 18:02

occasl

2 Answers

If you're working from a Java background and are comfortable using Spring, I wrote up an approach using Spring Security here. This will allow you to plug-in any authentication mechanism you want. The main difference is that instead of using an index.html to bootstrap the application, I have a JSP so that the Spring Servlet Filter will fire for authentication. The Ext JS app blocks until the user is authenticated and the user's roles/permissions are provided.

like image 135
occasl Avatar answered Oct 31 '22 19:10

occasl

  1. Use a server side technology to pre-process authorization by putting your JS App launch script into a JSP/GSP. What this does is forces server side components to kick off first and then render the HTML/JS/CSS to the client. For full RIA app use index.gsp(or jsp) and the your URL stays "domain/contextroot" .

  2. You can interrogate access privs to content via ajax request to server or alternatively you could set JS variables via again JSP technology that is processed first before the rest of the client response is returned.

< g:javascript>

  //global env var definition 
   var env = "${System.getProperty(Environment.KEY)}";

< /g:javascript>

Both of these are not 100% safe as client side code can be altered. The real security enforcement must be handled on server side when data is submitted for processing.

'3. Easy way would be to hide/show views etc based on 2. above. There are also some experimentation out there with modularizing the client side MVC application by lazy(manually) initializing controllers that may or may not be needed.

Hope this helps.

DB :)

like image 43
2 revs Avatar answered Oct 31 '22 19:10

2 revs
Sign in to Comment

Related questions

Extjs 4.0 store - how to find fields in the store (or model)
ExtJs HTML Component Click Event
Revert Back Modified Record
change color of rows in grid in ExtJs
Firing onItemDisclosure event causes itemtap event to fire
Send user details (session token) within every AJAX requests (Sencha Touch 2)
how to get value from Ext.Ajax.request
Store with MixedCollection data
How to align label on top of text Area
How to fit gridPanels columns?
Extjs grid column header, add dropdown menu item to specific columns
Extjs 5 hasMany vs field.reference
ExtJS panel orientation - Right-To-Left
pre-selecting value in Combo box in extjs
EXTJS TextField Help in the side
EXTJS OnClick Tab Event
Ext Js: make button a link
Access to http status code from Ext.data.Store
extjs 4 form still has record set after form.reset();
In ExtJS, how do I make store.load(config) send parameters not limited to the predefined?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!