Security

Scooter provides basic login functionality for web applications without requiring much programming.

Generate security module

Run the following command to create a sign-on module for the customerservice example app:

> java -jar tools/generate-signon.jar customerservice

The following files are created or modified:

  • views/signon/login.jsp: login view
  • views/signon/logout.jsp: logout view
  • views/signon/main.jsp: main view for successful login
  • views/layouts/includes/header.jsp: header view updated with "Sign In" and "Sign Out" links
  • src/customerservice/controllers/SignonController.java: signon controller

Generated login screen:

Security Login

If you do not enter username and password, you will get an error as follows.

Generated login failure screen:

Security Login Failure

Scooter's generated SignonController has very basic authentication. It simply checks if there are values for username and password. This is achieved through the use of a beforeFilter.

public class SignonController extends ApplicationController {
    static {
        filterManagerFor(SignonController.class).declareBeforeFilter(
            "validateInput", "only", "authenticate");
    }

    public String validateInput() {
        validators().validatesPresenceOf("username");
        validators().validatesPresenceOf("password");
        if (validationFailed()) {
            flash("error", "Please submit both username and password.");
            return redirectTo("/signon/login");
        }
        return null;
    }

    public String authenticate() {
        String username = p("username");
        String password = p("password");

        LoginHelper.cacheLoggedInUserId(username);
        return redirectTo("/signon/main");
    }
}

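Because authenticate() never checks the submitted values against stored credentials, entering any non-empty username and password in the login screen logs you in.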
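The generated authenticate() accepts any non-empty input, so a real application has to add its own credential check. The class below is an added example, not Scooter code or generator output: CredentialStore, its in-memory user table and the PBKDF2 parameters are assumptions chosen for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not a Scooter class): salted PBKDF2 password storage and verification.
public class CredentialStore {
    private static final int ITERATIONS = 210_000, KEY_BITS = 256;
    // Constructed in-memory table (username -> "salt:hash"); a real app would query its users table.
    private final Map<String, String> users = new HashMap<>();

    private static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the password copy held by the key spec
        }
    }

    public void register(String username, String password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt); // fresh random salt per account
        Base64.Encoder b64 = Base64.getEncoder();
        users.put(username, b64.encodeToString(salt) + ":" + b64.encodeToString(pbkdf2(password.toCharArray(), salt)));
    }

    public boolean verify(String username, String password) throws Exception {
        if (password == null) return false;
        String record = users.get(username);
        String[] parts = record == null ? null : record.split(":");
        // Unknown users still cost one PBKDF2 run, so response time does not reveal which names exist.
        byte[] salt = parts == null ? new byte[16] : Base64.getDecoder().decode(parts[0]);
        byte[] expected = parts == null ? new byte[KEY_BITS / 8] : Base64.getDecoder().decode(parts[1]);
        boolean match = MessageDigest.isEqual(expected, pbkdf2(password.toCharArray(), salt)); // constant-time compare
        return record != null && match;
    }

    public static void main(String[] args) throws Exception {
        CredentialStore store = new CredentialStore();
        store.register("alice", "correct horse battery staple"); // constructed sample account
        System.out.println("right password: " + store.verify("alice", "correct horse battery staple"));
        System.out.println("wrong password: " + store.verify("alice", "anything"));
        System.out.println("unknown user:   " + store.verify("bob", "anything"));
    }
}
```

In SignonController.authenticate(), call verify(p("username"), p("password")) and reach LoginHelper.cacheLoggedInUserId(username) only when it returns true. On failure, set a flash error and redirect to /signon/login, as validateInput() does.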

Generated login success screen:

Security Login Successful

The above is the default landing screen after a successful login. It is located under the customerservice/WEB-INF/views/signon directory.

Generated logout screen:

Security Logout

Scooter links actions to authentication through the use of a beforeFilter declaration. For example, we can force an action to be available only to logged-in users by declaring the following:

public class EntriesController extends ApplicationController {
    static {
        filterManagerFor(EntriesController.class).declareBeforeFilter(
            SignonController.class, "loginRequired");
    }

    ...
}

This beforeFilter declaration tells us that all action methods in the EntriesController class are required to be filtered by the loginRequired method of the SignonController class.

Login helpers

The LoginHelper class provides some helper APIs related to login.