#1 2013-11-17 10:40:51

nirnir
Member
Registered: 2013-11-11
Posts: 66

authentication and sessions

Hi ,

I'm trying to migrate my datasnap application to mormot .
I couldn't find how to implement few things.



I'm using TMySqlAuthUser inherits from TSQLAuthUser mapped to external mssql  and
TSQLRestServerAuthenticationDefault authentication scheme .


a. I need a server side events - onSessionCreated,onSessionClosed .
    how can I have those events ? do I must create a new class inherits from
   TSQLRestServerAuthenticationDefault  and rewrite auth method ?

b. I want to add to my TMySqlAuthUser runtime data or Toject pointer
    this data is runtime only ; shouldn't be mapped to fields on the actual table nor loaded/saved to it .
    How can I add runtime data to TMySqlAuthUser ?

Offline

#2 2013-11-17 13:21:11

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: authentication and sessions

We have just added TSQLRestServer.OnSessionCreate / OnSessionClosed methods, and a new TSQLRestServer.SessionClass property to specify the class type to handle in-memory sessions, and override e.g. IsValidURI() method.
See http://synopse.info/fossil/info/3fb22c8c31

You can use property Data: TSQLRawBlob of TSQLAuthUser  to store custom data.
But if you did override the TSQLAuthUser class, you can put any new published fields in this new class, and they will be persisted as usual to your external database.

Are you using MySQL?
Do you have any feedback?
We never used it before with mORMot - it has been prepared, but never tested.

Offline

#3 2013-11-17 15:24:01

nirnir
Member
Registered: 2013-11-11
Posts: 66

Re: authentication and sessions

Thanks for your quick response .
I want to add runtime data to my TMySqlAuthUser without persistence , is it possible ?
In OnSessionCreate I want to add some data to the session , and it shouldn't  be saved to the AuthUser table .

I don't use mySql but mssql , sorry

Offline

#4 2013-11-17 16:24:05

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: authentication and sessions

Yes, your *AuthUser class is like any other class.
You can add runtime data with no problem.
Persistence will be done only for published properties, not public properties.

Offline

#5 2013-11-18 09:35:56

nirnir
Member
Registered: 2013-11-11
Posts: 66

Re: authentication and sessions

Thanks,
If I decide to drop(close) the session on OnSessionCreate , what is the proper way to do that ?

Last edited by nirnir (2013-11-18 09:36:23)

Offline

#6 2013-11-18 13:25:40

nirnir
Member
Registered: 2013-11-11
Posts: 66

Re: authentication and sessions

ab wrote:

Yes, your *AuthUser class is like any other class.
You can add runtime data with no problem.
Persistence will be done only for published properties, not public properties.

Non persistence fields inside TSQLAuthUser  which I fill in OnSessionCreate are NOT copied into the TSQLAuthUser copy created in TSQLRestServer.SessionGetUser 
( result := User.CreateCopy as fSQLAuthUserClass . )

Offline

#7 2013-11-19 12:38:24

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,659
Website

Re: authentication and sessions

I've just modified the OnSessionCreate/OnSessionClosed: TNotifySQLSession callbacks will now provide additionnal information about the calling context, and allowing to abort the session creation TRUE is returned to the OnSessionCreate event:

  /// session-related callbacks triggered by TSQLRestServer
  // - for OnSessionCreate, returning TRUE will abort the session creation -
  // and you can set Ctxt.Call^.OutStatus to a corresponding error code
  TNotifySQLSession = function(Sender: TSQLRestServer; Session: TAuthSession;
    Ctxt: TSQLRestServerURIContext): boolean of object;

....
    /// a method can be specified to be notified when a session is created
    // - for OnSessionCreate, returning TRUE will abort the session creation -
    // and you can set Ctxt.Call^.OutStatus to a corresponding error code
    OnSessionCreate: TNotifySQLSession;
    /// a method can be specified to be notified when a session is closed
    // - for OnSessionClosed, the returning boolean value is ignored
    // - Ctxt is nil if the session is closed due to a timeout
    // - Ctxt is not nil if the session is closed explicitly by the client 
    OnSessionClosed: TNotifySQLSession;

See http://synopse.info/fossil/info/8ba379c881

Good remark about the non-published fields copy.

We just defined TSQLRecord.CreateCopy as a virtual method, to allow any customization of TSQLRecord copy.
See http://synopse.info/fossil/info/f23a869a36

As such, if your *AuthUser class could override its CreateCopy() method, you would be able to have your non-published fields copied into the local copy created by TSQLRestServer.SessionGetUser.

Thanks for the feedback.

Offline

Board footer

Powered by FluxBB