automatic login form

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

automatic login form

martin

Wondering if Ratpack has something like J2EE /JSession where a login form is automatically shown when the user doesn't have a session.

Reply | Threaded
Open this post in threaded view
|

Re: automatic login form

Luke Daley
Administrator
There's nothing really built in for this.

Ratpack does have session support though, so most of the tricky parts are taken care of. If you can provide a bit more info I can give some more info.
Reply | Threaded
Open this post in threaded view
|

Re: automatic login form

martin
Here's a demo I can look at:  https://github.com/panzhangwang/ratpack-angular-auth
- not really DRY

Really I was wondering if there was some declarative handler / hook for a login page or security in general. Kinda like a J2EE app you can declare the login form / page in the web.xml and then use j_security_check in a form etc etc.

If not using the web.xml approach, I believe in most J2EE baseed apps you'd setup a Listener and intercept the HTTP requests to do your own session / security checks.

Seems like this could be a common use case.  Not sure that I have anything clever in mind. But might be good to create authN / AuthZ API interfaces and supply default impls using the spring security etc.

I'm too much of a noob at this point to enhance the ratpack closure. It could be interesting to declare something pattern based as protected and register a security module etc. Make user pages / form use j_security_check?



Reply | Threaded
Open this post in threaded view
|

Re: automatic login form

Luke Daley
Administrator
Here's an improved version: https://github.com/alkemist/ratpack-angular-auth/blob/21dc912fa2b9f79c5b4a278c4f63ae371af48c6e/src/ratpack/ratpack.groovy

We could definitely add some sugar around this for specific security tool implementations.