[Seaside] setting up security on components

James j at mesbridger.com
Sun Jun 12 01:32:10 CEST 2005


Hi all,

I am trying to set up a security system on an application where different users will have the rights to see different components. By default a user will be set as a Guest account and stored in a subclass of WASession. When they try to view a secured component it should check if they have permission. If they do the component is shown, if they do not a login dialog is shown. If they login successfully their new user is stored in the session and the component retries the check for permissions.

I have tried to implement this by defining a WASecuredComponent class which is a subclass of WAComponent. This has the following methods
renderContentOn: html
    self checkPermission.
checkPermission 
    (self session user checkPermissionTo: self ) ifFalse: [self requestLogin. self checkPermission.]
requestLogin 
    (self call: WALogin new) ifFalse: [self requestLogin].

Classes to be secured extend WASecuredComponent and have to start renderContentOn with
super renderContentOn: html.

WALogin extends WALoginDialog and contains
login 
    | user |
    user := WAUser verifyPassword: password forUser: username.
    (user userId > 0) ifTrue: [ self session user: user.].
    self answer: (user userId > 0).

At first it all seems to work OK. I get the login dialog if I don't have permission to view the component. Entering an invalid password or one without permission on the component leads to the login dialog showing again. Entering a correct password leads to the secured component showing. However if I try to do something with the secured component, such as post a form on it, I get the "Components not found while processing callbacks: #(a TAG.WAForm)" error. I know this error usually means a problem with a children method, but I can't see how that could be the case in this situation, particularly since my application has successfully shown the login form and the secured component already.  I have tried to debug, and it seems that the secured component is still delegated to the login form, despite the fact that the secured component has just been visible.

Am I going about this in the wrong way, or is there a mistake in my implementation?

I don't think the User, Session and other classes are relevant to this problem - let me know if their definitions would help. If it makes a difference I am using VW 7.3

Many thanks

James Bridger
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.squeakfoundation.org/pipermail/seaside/attachments/20050612/ba89866a/attachment.htm


More information about the Seaside mailing list