
GWT - History management for a web application

I am working on history management for my application. I have two views: one is the login view and the other is the main application. I have added local links #login and #application. Now, ideally, what should happen is: when the user opens the application he should see the login view, which has the #login token. It works fine. Then, when his credentials are validated, he goes to the application view with the token #application. And when he logs out he goes back to #login. All this works fine. But what bothers me is that when I change the link token from #login to #application manually, the main application opens directly even after I have logged out. But when I try the same thing in a new tab, it works fine. The application is vulnerable to attacks, which needs to be fixed. I need some help here.

    import com.google.gwt.event.logical.shared.ValueChangeEvent;
    import com.google.gwt.event.logical.shared.ValueChangeHandler;
    import com.google.gwt.user.client.History;

    // When application loads
    History.newItem("application", true);
    // When login screen loads
    History.newItem("login", true);

    // On change of the history token (link click, back/forward or manual edit of the URL)
    History.addValueChangeHandler(new ValueChangeHandler<String>() {

        @Override
        public void onValueChange(ValueChangeEvent<String> event) {
            String historyToken = event.getValue();
            // startsWith() instead of substring(): a short or empty token would
            // otherwise throw StringIndexOutOfBoundsException
            if (historyToken.startsWith("login")) {
                login();
            }
            if (historyToken.startsWith("application")) {
                // Shows the main view without checking the session (this is the bug)
                mainApplicationView();
            }
        }
    });

When I log out, the login() method is called, which loads the relevant panels into RootPanel and also has the #login token inside. Also, the main application panels are removed from RootPanel.

The mistake was inside second if condition:

    History.addValueChangeHandler(new ValueChangeHandler<String>() {

        @Override
        public void onValueChange(ValueChangeEvent<String> event) {
            String historyToken = event.getValue();
            if (historyToken.startsWith("login")) {
                login();
            }
            if (historyToken.startsWith("application")) {
                // Re-checks whether the session is valid on every token change.
                // If not, the login screen shows up; otherwise the main application.
                startApplication();
            }
        }
    });

After I log out, it should not allow me to see the application page in any case. So, I should make sure that the sessionID is valid. I did it only once when the application starts, but not under History.addChangeHandler. This was a blunder.

    import com.google.gwt.user.client.Cookies;

    // Called from startApplication(): no cookie means no session, otherwise let the server decide
    String sessionID = Cookies.getCookie("JSESSIONID");
    if (sessionID == null) {
        login();
    } else {
        checkWithServer();
    }
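The pattern from the answer carried through, as an added example that is not the asker's code: every token change, including one typed into the address bar, goes through a single guard that asks the server before the application view is drawn and rewrites the token back to #login on any failure. SessionValidator, showLogin and showApplication are assumed hooks standing in for the application's own RPC call and panel loading; History.replaceItem and History.fireCurrentHistoryState are real GWT methods.

```java
import com.google.gwt.event.logical.shared.ValueChangeEvent;
import com.google.gwt.event.logical.shared.ValueChangeHandler;
import com.google.gwt.user.client.Cookies;
import com.google.gwt.user.client.History;
import com.google.gwt.user.client.rpc.AsyncCallback;
public class HistoryGuard {
    /** Hypothetical server round-trip; the real app's RPC or REST call goes here. */
    public interface SessionValidator {
        void validate(AsyncCallback<Boolean> callback);
    }
    private final SessionValidator validator;
    private final Runnable showLogin;        // loads the login panels into RootPanel
    private final Runnable showApplication;  // loads the main application panels
    public HistoryGuard(SessionValidator validator, Runnable showLogin, Runnable showApplication) {
        this.validator = validator;
        this.showLogin = showLogin;
        this.showApplication = showApplication;
    }
    /** Registers the guard and applies it to the token the page was opened with. */
    public void install() {
        History.addValueChangeHandler(new ValueChangeHandler<String>() {
            @Override
            public void onValueChange(ValueChangeEvent<String> event) {
                route(event.getValue());
            }
        });
        History.fireCurrentHistoryState();
    }
    /** One decision for every token, whether it came from a link or the address bar. */
    void route(String token) {
        if (!token.startsWith("application")) {
            showLogin.run();                 // "login", empty or unknown token
            return;
        }
        if (Cookies.getCookie("JSESSIONID") == null) {
            fallBackToLogin();               // no cookie at all: do not bother the server
            return;
        }
        validator.validate(new AsyncCallback<Boolean>() {
            @Override public void onSuccess(Boolean valid) {
                if (Boolean.TRUE.equals(valid)) showApplication.run(); else fallBackToLogin();
            }
            @Override public void onFailure(Throwable t) { fallBackToLogin(); }  // fail closed
        });
    }

    private void fallBackToLogin() {
        History.replaceItem("login", false); // rewrite #application without re-firing the handler
        showLogin.run();
    }
}
```

The client-side guard only decides which panels are drawn; the servlet behind checkWithServer() and every data endpoint must still validate JSESSIONID themselves, since a user can bypass the client entirely.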
