Differences

This shows you the differences between two versions of the page.

--- jvx:server:lco:session_isolation [2018/02/02 08:08]
admin created
+++ jvx:server:lco:session_isolation [2020/06/26 12:49] (current)
cduncan Edited for English grammar (capitalization, punctuation, correct verb conjugation)
@@ Line 1: / Line 1: @@
-~~Title: Session isolation~~
+~~NOTRANS~~
+~~Title: Session Isolation~~
-Usually it's good enough if your client creates one single connection to the server. This connection could be created via application login. A login dialog is the right place for creating a connection. But sometimes you need a connection to the server independent of the authenticated user, maybe to retrieve properties or GUI settings.
+It is usually good enough if your client creates one single connection to the server. This connection could be created via application login. A login dialog is the right place for creating a connection. But sometimes you need a connection to the server independent of the authenticated user, maybe to retrieve properties or GUI settings.
-There are different solutions for this problem. The preferred one would be an anonymous connection. Such connections are supported from DBSecurityManager out-of-the-box, but you need a database with a user table. If you don't have a database, it won't work.
+There are different solutions for this problem. The preferred one would be an anonymous connection. Such connections are supported from DBSecurityManager out of the box, but you need a database with a user table. If you don't have a database, it won't work.
-Another solution is the Session isolation feature of JVx. We don't have a ready-to-use security manager for this case but it's very easy to implement. The Session isolation feature allows using a life-cycle object like a common bean, without implicit access to Application and Session life-cycle objects.
+Another solution is the session isolation feature of JVx. We don't have a ready-to-use security manager for this case but it's very easy to implement. The session isolation feature allows using a life cycle object like a common bean, without implicit access to application and session life cycle objects.
 There are different things to do! First, we need a custom security manager:
@@ Line 49: / Line 50: @@
 </file>
-Create a connection from your client, e.g. in the constructor of your application
+Create a connection from your client, e.g., in the constructor of your application.
 <file java>
@@ Line 58: / Line 59: @@
 </file>
-The life-cycle object for the QuickAccess connection:
+The life cycle object for the QuickAccess connection:
 <file java>
@@ Line 71: / Line 72: @@
 </file>
-The object is annoted with StrictIsolation. This annotation marks the objects as object without access to the session life-cycle object.
+The object is annotated with StrictIsolation. This annotation marks the objects as object without access to the session life cycle object.
-Call an action
+Call an action.
 <file java>
@@ Line 82: / Line 83: @@
 **<fs 20px>Information</fs>**
-The Session isolation feature should be used with care because it's possible to get access to the server without "real" authentication. But it's not risky because it's not possible to call methods which are not available in your isolated life-cycle object. There is only one rule for you: Never offer internal data. Use the isolation feature to send public data to the client, e.g. product names, version numbers, translation data, ...
+The session isolation feature should be used with care because it's possible to get access to the server without "real" authentication. However, it's not risky because it's not possible to call methods that are not available in your isolated life cycle object. There is only one rule for you: never offer internal data. Use the isolation feature to send public data to the client, e.g., product names, version numbers, translation data, and so forth.