Thread: EWB and Delphi DataSnap
Mon, Sep 9 2013 4:04 AM

Eivind

Dear Support

My evaluation of EWB is so far going great. I have managed to use the EWB Web server to serve up MySql data. However, my real world app that I'm wanting to develop is not public. All my data needs to be protected with a user login. Is that doable with the EWB Web server? I mean, the user logs in, some kind of session keeps the userdata and userID used to query only the active user's data. If inactive for X minutes, the session expires.

Can a DataSnap REST server written in Delphi XE4 (and soon XE5) be used for this purpose, as it has support for Authentication, Authorization and user session? I see that when I create a DataSnap server in Delphi, it includes a js folder with some JavaScript files used if the client uses JavaScript and not Delphi. If possible, can the EWBDataSetAdapter be used to handle the JSON traffic on a DataSnap server and serve it to EWB?

If someone could shed some light on this, and possibly some examples, that would be great!

Best regards

Eivind
Mon, Sep 9 2013 10:38 AM

Matthew Jones

I think you have the login need understood well. I think that there is no
authentication on the basic database connection, so you are best (if such is
required) to use an intermediate layer. The password must be entered by the user as
the source is "open" so it can easily be uncovered. You don't want people with full
access to delete data etc.

I myself have used the RemObjects SDK which has session management built in, and
someone else did an interface for it in EWB. My code just makes a call to a
function, and it requires a session so it asks for a login. Another call is then
made to the login service which if the password is good, creates the session, and
the original call is repeated automatically. Obviously this could be done any
appropriate way according to the service. A REST service is supposed to be
stateless, so there would be no session. For accessing that, you can just pass the
password details with each call as a parameter (one assumes that it would be https
all the time). I've used that too.

And you may want to time out sessions etc, if they are not SSL so that they cannot
be hijacked on the wire.

/Matthew Jones/
Mon, Sep 9 2013 4:31 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Eivind,

<< My evaluation of EWB is so far going great. I have managed to use the EWB
Web server to serve up MySql data. However, my real world app that I'm
wanting to develop is not public. All my data needs to be protected with a
user login. Is that doable with the EWB Web server? I mean, the user logs
in, some kind of session keeps the userdata and userID used to query only
the active users data. If inactive for X minutes, the session expires. >>

Because an EWB application can maintain state, unlike a page-based web site
that uses a collection of web pages, you can just authenticate the user
once, store the credentials in memory, and then use the same credentials for
each request to the back-end web server using https (SSL) connections.  You
can also use a TTimer to set a timeout for the credentials, automatically
clearing them after X seconds, minutes, etc.  In general, the main issue
with https and browsers has always been volume of data due to content, and
with an EWB application you're only sending back and forth small amounts of
JSON data, so https connections are acceptable in terms of performance and
ensure that all credentials, data, etc. are always completely encrypted.

<< Can a DataSnap REST server written in Delphi XE4 (and soon XE5) be used
for this purpose as it has support for Authentication, Authorization and
user session. I see that when I create a DataSnap server Delphi, it includes
a js folder with some javascript files used if the client use javascript and
not delphi. If possible, can the EWBDataSetAdapter be used to handle the
JSON traffic on a DataSnap server and serve it to EWB? >>

You can use the TEWBDatabaseAdapter and TEWBDataSetAdapter components to
wrap any TDataSet-descendant and generate/consume JSON that works with EWB.
What you do with the JSON in relation to the web server/web services is
completely up to you, so as long as DataSnap will allow you to implement
custom methods that return custom JSON, you're all set using both together.

Tim Young
Elevate Software
www.elevatesoft.com
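
The session idea from the first post (idle expiry, rows filtered by the logged-in user) and the "call, get asked for a login, log in, repeat the original call" flow from Matthew Jones's reply, as an added example that is not from any poster and does not use EWB, DataSnap or RemObjects APIs. It is plain Node.js JavaScript simulating both sides in one process; `makeServer`, `callWithLogin`, the `alice` account and the sample rows are constructed for illustration.

```javascript
// Added example; every name here (makeServer, callWithLogin, "alice") is constructed.
const crypto = require('node:crypto');

const kdf = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const USERS = new Map([['alice', { id: 1, salt: 'salt-a', hash: kdf('correct horse', 'salt-a') }]]);
const ROWS = [{ owner: 1, item: 'invoice-17' }, { owner: 2, item: 'invoice-18' }];

function makeServer(idleMs, now = Date.now) {
  const sessions = new Map(); // token -> { userId, lastSeen }
  // Resolve a token to a user id, expiring sessions idle for longer than idleMs.
  function touch(token) {
    const s = sessions.get(token);
    if (!s) return null;
    if (now() - s.lastSeen > idleMs) { sessions.delete(token); return null; }
    s.lastSeen = now();
    return s.userId;
  }
  return {
    login(name, pw) {
      const u = USERS.get(name);
      if (!u || !crypto.timingSafeEqual(kdf(String(pw), u.salt), u.hash)) return null;
      const token = crypto.randomBytes(32).toString('hex'); // unguessable session id
      sessions.set(token, { userId: u.id, lastSeen: now() });
      return token;
    },
    // The user id comes from the session, never from a client-supplied parameter.
    getRows(token) {
      const userId = touch(token);
      if (userId === null) return { status: 401 };
      return { status: 200, rows: ROWS.filter(r => r.owner === userId) };
    },
  };
}

// Client side: make the call; on 401 ask for a login, then repeat the original call once.
function callWithLogin(server, state, askCredentials) {
  let res = server.getRows(state.token);
  if (res.status !== 401) return res;
  const { name, pw } = askCredentials();
  state.token = server.login(name, pw);
  return state.token === null ? res : server.getRows(state.token);
}
```

The clock is injected through `now` so the idle timeout can be exercised without waiting; in a deployment these calls would travel over https, as the replies above assume.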
Thu, Sep 12 2013 10:56 AM

Bernhard Fischer

Hi Matthew,

perhaps you know my name from the RemObjects newsgroups / forums, I have been a member of RemObjects' TeamRO for several years now. I tested several different approaches to use RemObjects back-ends from within web pages (Php/XMLRPC, JS). I am very interested in testing this with an Elevate Web Builder application - I do not know anything about EWB so far and want to change that ;-) Can you please give me a very short high-level hint of how to integrate a RemObjects JavaScript file in an EWB project, just to put me on the right track? I can imagine that this is accomplished by a RemObjects HTTP JavaScript Dispatcher, serving the EWB application to the client. In the EWB documentation I read something about creating an interface to external JavaScript files (the RemObjects interface .js file). Is this the way to go?

Thanks
Bernhard

Thu, Sep 12 2013 12:16 PM

Robert Devine

Hi Bernhard

I posted some interface files on the demos newsgroup last year. EWB
works well with the RO/JS client.

Cheers, Bob


Fri, Sep 13 2013 7:18 AM

Matthew Jones

Hi,

Well, it wasn't me that worked it out first, but happy to help. First step, visit
the webbuilder.binaries and locate the "Simple RemObjects demo" thread. That's what
I based it on, and then modified a bit. If you have questions beyond that, let me
know.

I would really really like RemObjects to output the header stuff for EWB as it
would save me making mistakes and breaking it.

/Matthew Jones/
Fri, Sep 13 2013 8:53 AM

Matthew Jones

I think there was one additional change I made to the ROSDKUtils.wbs file, but I
can't remember what it was. It added a parameter or something that was needed for
some situations. I will have posted it here anyway, so searching should find it.

/Matthew Jones/
Sun, Sep 15 2013 7:13 PM

Bernhard Fischer

Thanks, Bob and Matthew.
I will give it a try and do a comprehensive evaluation after some crucial controls were added to the framework.
@Matthew, maybe it was the RO channel's onLoginNeeded event which needs to be instanced to make it work.

Cheers,
Bernhard
Tue, Sep 17 2013 1:39 PM

Tim Young [Elevate Software]

Elevate Software, Inc.

Email timyoung@elevatesoft.com

Bob,

<< I posted some interface files on the demos newsgroup last year. EWB works
well with the RO/JS client. >>

Just my two cents here - I will be adding a "namespace" addition to external
classes that will allow you to avoid all of that embedded class mumbo-jumbo.
EWB will then emit the specified namespace with any external class
constructor calls, or other static class calls.

Tim Young
Elevate Software
www.elevatesoft.com