Managing credentials using ZK Sessions

From Documentation
Revision as of 10:14, 21 October 2010 by Tmillsclare (talk | contribs)

Stop.png This article is out of date, please refer to http://books.zkoss.org/zkessentials-book/master/ for more up to date information.


One of the paradigms used within the essentials guide is the singleton managers which live within the session. The basic premise for storing singletons in the session is the fact that they are available anywhere at any time and user credential specific, when the session expires the login credentials are conveniently cleared.

The Credentials Manager

For managing credentials we create a singleton named UserCredentialManager which wraps a UserDAO. Additionally the UserCredentialManager will expose two getInstance methods, one which takes a Session and one that doesn’t. The basic concept is that when the instance is retrieved it will check the Session for an existing credential manager and if there isn’t one present it will create one.

The code below demonstrates the two getInstance methods along with the creation of the userDAO in the constructor.

<syntax lang="java" high="11,18"> public class UserCredentialManager {

private static final String KEY_USER_MODEL = UserCredentialManager.class.getName()+"_MODEL"; private UserDAO userDAO; private User user;

private UserCredentialManager(){ userDAO = new UserDAO(); }

public static UserCredentialManager getIntance(){ return getIntance(Sessions.getCurrent()); } /** * * @return */ public static UserCredentialManager getIntance(Session zkSession){ HttpSession httpSession = (HttpSession) zkSession.getNativeSession();


// Session session = Executions.getCurrent().getDesktop().getSession(); // Session session = Executions.getCurrent().getSession(); Session session = Sessions.getCurrent(); synchronized(zkSession){ UserCredentialManager userModel = (UserCredentialManager) zkSession.getAttribute(KEY_USER_MODEL); if(userModel==null){ zkSession.setAttribute(KEY_USER_MODEL, userModel = new UserCredentialManager()); } return userModel; } } } </syntax>

The manager is very standard exposing a login method which if successful sets the User object and a isAuthenticated method which checks to see whether the user is null and returns accordingly. Having put this into place we can now make use of it in our controller to change the page flow of the application.

Redirecting the user depending on the UserCredentialManager

If we think back to our login page and use case we have two places we need to check for a valid user. Once when the user navigates to the page and when the user presses the confirm button. If the user is authenticated then we need a way to redirect to the index page. This is handled using the Execution class which provides information about the current execution, such as the request parameters.

A GenericForwardComposer contains an Execution object named execution which is accessible. If we need to access it outside of a GenericForwardComposer we can retrieve the current execution by calling the getCurrent() method in the Executions class as it is static.

The Executions.sendRedirect(String) class has a method named Executions which will redirect the user to a page you specify, in this case “index.zul.”

<syntax lang="java" high="2"> if(UserCredentialManager.getIntance(session).isAuthenticated()){ execution.sendRedirect("index.zul"); } </syntax>

This concludes the login topic, next we will deal with displaying information to the user using a Grid and Listbox.



Last Update : 2010/10/21

Copyright © Potix Corporation. This article is licensed under GNU Free Documentation License.