NetBeans Forums
| View previous topic :: View next topic |
| Author |
Message |
Milo
Posted via mailing list.
|
 Posted: Sun May 06, 2012 11:37 am Post subject: [platform-dev] Re: Session concept |
 |
|
Yes, you will store login and session specific informations.
Define a service and other module implements its service.
Note: The module providing such a service must be signed and tested for security if the user has not install any other intrusive module keeping session data.
I keep it in my mind it but I have not implemented that security checking yet (we have not use NB Platform in my firm).
* Geertjan *, please, would you write some idea, how to provide module which must be signed and only one? And must be some specific, e.g. by customer brand?
Milos
------------ Původní zpráva ------------
Od: Timon Veenstra <address-removed>
Předmět: [platform-dev] Re: Session concept
Datum: 06.5.2012 12:53:50
----------------------------------------
| Quote: |
I need to store some information about the user logged in (e.g. authentication
|
token), and access it from other modules. Do I need to use Looup mechanism for
this?
http://platform.netbeans.org/tutorials/60/nbm-login.html
I would probably put something like a UserSessionManager in the Lookup
(with use of the @ServiceProvider annotation).
NBPreferences are more suitable for persisting module information
between application startups (like save username checkbox).
I would always make such properties private for a module and do not
recommend to use it as mechanism to store data between modules.
If information from a module should be accessible from other modules,
there should be an API (like the UserSessionManager).
Cheers,
Timon |
|
| Back to top |
|
 |
xian
Joined: 29 Dec 2011
Posts: 15
|
| Posted: Sun May 06, 2012 12:04 pm Post subject: |
|
|
Thx, that's (almost) the way I'm doing... I'm using a Singleton for a UserSessionManager, and this way I can use it along all my modules. Maybe it's not the optimal way on a NB project, but It works.
Maybe a ServiceProvider would give a more elegant solution, and would provide an "explicit" dependency betwen modules. Is this the principal advantage of using a ServiceProvider over the Singleton Pattern?
As you can see I'm a completely noob on NB Platform...
Thx again
Xian |
|
| Back to top |
|
|
Monezz
Joined: 18 Feb 2009
Posts: 254
|
| Posted: Sun May 06, 2012 12:38 pm Post subject: [platform-dev] Re: Session concept |
|
|
| Quote: | Thx, that's (almost) the way I'm doing... I'm using a Singleton for a UserSessionManager, and this way I can use it along all my modules. Maybe it's not the optimal way on a NB project, but It works.
Maybe a ServiceProvider would give a more elegant solution, and would provide an "explicit" dependency betwen modules. Is this the principal advantage of using a ServiceProvider over the Singleton Pattern?
|
Advantage of ServiceProvider UserSessionManager is that you can
separate the interface from the implementation.
This would be usefull for example when you want to give your users the
option to login with an openID in addition to your own login database.
You could even make a list box in your login screen with each
authentication method coming from another module.
If you don't see the need for such a thing ever occurring in the
future, the singleton pattern is probably easier.
| Quote: | Note: The module providing such a service must be signed and tested for security if the user has not install any other intrusive module keeping session data.
|
As long as authorization is separated from authentication and
authentication modules can never produce the same user, your data is
still secure even with a untrusted third party authentication
provider.
Extending the module loader to only load modules signed by a list of
trusted signers is not a bad idea though. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
