Adding an WApplication WResource (at a fixed path) OR something with Auth
Added by Christian Meyer 7 months ago
Hi there!
Not sure that what I want to implement is the best Strategy, so I will give a short info about what I actually want done:
I want my Wt App be able to answer an incoming request for HTTP Basic Authentication and check against current users, returning 200 on success, and 401 on fail. (For a thirdparty program that also runs on my server and that endpoint will be hidden by a reverse proxy if possible.)
What I would like to have, is call on Password Service with the provided username and password and that doing everything.
But PasswordService would like to have a User Object and that needs to be mapped...
That endpoint should not be used for much else, but needs to check only the current users of that App.
I therefore had the thought, that the resource should be integrated into the App itself, adding an unique_ptr<WResource> to my WApplication and setInternalPath on that resource to the path I would like to cover.
Unfortunately that WResource on the path is always answered with 200, and does not seem to actually jump into the handleRequest function of the WResource
The thinking behind that is, if the request is handled within the Application, the Mapping is done, and Wt will probably figure out that this session can be closed pretty fast again.
-> Question 1: how would I go about that?
If I instead add WResource with addResource to the Server, handleRequest is called, but I have no Access to the Application Session and can not Look for Users.
As my Application manages the Session Object and the Schema, as far as I understood, I can not just call the user() search function from an extra Auth Session, without a first call to createSchema().
If I am wrong about my assumptions, please let me know.
And -> Question 2: Is there another way that I just don't see right now?
Thanks
Christian
Replies (2)
RE: Adding an WApplication WResource (at a fixed path) OR something with Auth - Added by Matthias Van Ceulebroeck 7 months ago
Hi Christian
Q1: when you use a WResource as part of an application is becomes a dynamic resource. In essence this is used to serve files to users.
Q2: in my opinion this is the correct approach. You add the resource to the server, which then lives on its own endpoint. You indeed do not have access to your session from the application, but you can simply create a new one. The connection (pool) can be passed to the resource, which can then be used to create a new session. Mind of course that with multiple sessions comes the disadvantage of concurrent database accesses and its issues (like stale objects). If this resource is quick enough, and doesn't modify any records (only reading them), this should of course be fine.
I hope this helps you along!
Best,
Matthias
RE: Adding an WApplication WResource (at a fixed path) OR something with Auth - Added by Christian Meyer 7 months ago
Hi Matthias, thank you for looking into my troubles again! =)
I now went with a mixed approach, the resource is part of Application, but as a static shared_ptr.
I do give it it's own endpoint with WServer::addResource
Within my Application I initialize the resource with the Application specific ConnectionPool and add the Activated Module Classes to the Mapping of the Session from the Resource.
The Resource is only supposed to read if the Login information is correct and a user available, so readonly access.
And so far it seems to work ...
Just need to test, whether the resource still works when all Application objects timed out =)
And yes, this does help with the other problem I specified!
Thanks a lot!