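DEFINE VARIABLE oSecurityService                   AS ISecurityService NO-UNDO .
 
/* Obtain the registered ISecurityService implementation */
oSecurityService = {Consultingwerk/get-service.i Consultingwerk.SmartFramework.Authorization.ISecurityService} .
 
/* ... */
 
/* Skip this record when the security service reports it as restricted in realm "SMF".
   When no valid service object is available, no restriction is applied. */
IF VALID-OBJECT (oSecurityService) AND oSecurityService:IsRestricted ("SMF":U,
                                                                      eSmartMenu.FunctionGuid) THEN NEXT .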

 

 

Validate Class

The Validate class also provides a simple API to query authorization while validating updates in a Business Entity. The IsNotRestricted method verifies that the user is authorized for a specific data item, identified by a security realm code and the value of the field passed to the Validate:IsNotRestricted method.

 

Sample business entity validation
/* Check the LanguageGuid value of every eSmartMessage record against security realm "SMT" */
FOR EACH eSmartMessage ON ERROR UNDO, THROW:
    Consultingwerk.OERA.Validate:IsNotRestricted (BUFFER eSmartMessage:HANDLE,
                                                  "LanguageGuid":U,
                                                  "SMT":U,
                                                  MessageFormatter:GetMessage ("SFR":U, 200)) .
END.

 

Additional Security Hooks

Toolbar Authorization Provider

Field Authorization Provider

Request Authorization Provider

Server Session Activator

 

 


Request Authorization Provider

The request authorization provider is an optional service. The service must implement the IRequestAuthorizationProvider interface and will be used by the ServiceInterface when a service is registered against that interface.

The request authorization provider makes it possible to verify requests to the backend of the framework. Because every call needs to pass the service interface, this is a reliable place to inject any kind of security check, such as authorization for specific business entities or tasks.

See the interface description for further details.

Server Session Activator

The server session activator is not truly a security feature, but it is security related. It is responsible for restoring the session context on the backend. The server session activator reacts to the Activate and Deactivate events of the ServiceInterface class.

We do not provide an interface for the server session activator. We do, however, provide a reference implementation in the form of the ServerSessionActivator, which can also be loaded from a services.xml file. This class, for instance, restores the SessionManager properties and imports the client principal of the Context Dataset into the current security context.