WaveMaker Docs

WaveMaker Docs

  • Get started
  • Widgets
  • Mobile
  • How-to
  • Enterprise
  • Releases
  • Blog
  • Sign-in

›Security

How-to-documents

  • How-to Wiki
  • WaveMaker Best Practices

App solution

  • Creating a Registration Page
  • Support for Password Encryption
  • Error Handling in WaveMaker App
  • Leaving Page with Unsaved Changes
  • Micro frontend using iframes
  • Enabling PWA

UI design

  • Passing Parameters to Pages
  • Passing Parameters to Partial Page
  • Accessing Script
  • Use Static Variable to pass data between pages
  • Customise Login Page
  • Incorporating Additional Icons
  • Change Icon Color on Condition
  • Change Icon for the Global Spinner
  • Changing Default Favicon
  • Changing App Logo
  • Changing Page Title
  • Customise App Style
  • How to use Conditional Class Property
  • How to use Conditional Style Property
  • Customize an Existing Theme
  • Adjust Left Navigation Width
  • Customizing Theme
  • Enable SPA
  • Choose Widget Template and Layout
  • Widget Template and Icons
  • Custom Template for Widgets
  • Apply Custom Data Formatter

Nav & Dropdown

  • Dynamic Menu based on User Role
  • Restricting Menu Items based on the User Role
  • Localization for Dropdown Menu

Localization

  • Localization in WaveMaker Apps
  • Setting Language and Date Format
  • Localization Using Select Locale
  • Localization of Error Messages

Security

  • SAML Integration - OneLogin
  • SAML Integration - ADFS
  • OpenID Integration - Azure AD
  • Custom Security using Google OAuth Prefab
  • Multiple Security Provider Implementation
  • Customizing Post Authentication Handlers
  • Configuring Content-Security-Policy
  • Configuring MTLS

Databases

  • Queries with Dynamic Where Clause
  • Connect To Azure SQL Server
  • Recommended JDBC Driver Versions for Databases
  • How to fetch more than the default number(100) of records from database?
  • How To: One-to-Many Relationship
  • Working with Temporals
  • Connect To AWS Redshift Database
  • Connect To SAP Hana Cloud Database
  • Transactional History of Entity
  • Row-Level Security using DB Event Listeners
  • Validations using CRUD Listeners
  • Custom Logic DB Event Listeners
  • Connect to MySQL database using SSL
  • How to Switch MariaDB to MySQL Connector

Web services

  • Using App Environment Properties
  • Consuming an Existing WaveMaker API
  • Using POST method to send data to a REST API
  • Request-Response Processing for REST Services
  • How to Intercept Request and Response of all API Calls in One Place
  • WebSocket Usage - Chatroom App
  • UI for API Server-side Pagination
  • Working with API with different pagination formats

Java services

  • Sending Email using WaveMaker Connector
  • Implementing Forgot Password feature using Java Service
  • Accessing REST APIs from Java Service
  • Scheduling a Java Service
  • Integrating JUnit Tests for WaveMaker Application
  • ORM Artifacts
  • Pre-Post Processing for Database Service APIs
  • Accessing Logged-in User Details using Java Service
  • Design a workflow in Camunda BPM and integrate into a WaveMaker app
  • Integrate Azure File Storage
  • Insert Data from Excel into Database
  • Integrate Amazon S3 into WaveMaker App
  • Integrate Twilio Connector
  • Integrate OTP (One-Time Passcode) Verification with WaveMaker App

Variables

  • Using Filter Conditions on Variable
  • Using Live Variable APIs
  • Using Notification Actions
  • Using Navigation Action
  • Using Variables for Queries and Procedure
  • Using Service Variable in a Form
  • Using Filter Criteria for a Data and Live Widgets
  • Using Filter Criteria for a Database CRUD Variable

JavaScript

  • Using JavaScript in Binding
  • Using JavaScript from External URL
  • Using JavaScript to loop a command
  • Using function for evaluating conditions

Developer options

  • Synchronizing WaveMaker Apps with IDEs
  • Synchronizing Java Services Controller
  • Integrating Amazon Cognito for User Authentication
  • Integrating Sample Jasper Report in WaveMaker Application
  • How to generate PDF File using Jasper Reports
  • Upgrading an App from WaveMaker 9.x to WaveMaker 10.0
  • App Migration from WaveMaker 9x to 10x
  • Setup Fusion Reactor for Debugging Issues

Deployment

  • SSL Termination in LoadBalancer

Mobile App Solutions

  • Notify users about new update

Mobile gesture

  • Setting Swipe Gestures on a List Widget
  • Working with Pull to Refresh

Mobile widgets

  • Using Search Widget within the Navbar

Mobile UI design

  • Setting Splashscreen Images and App Icons
  • Using Cordova Plugins
  • Designing Tablet Views in Mobile Project
  • Sliding left navigation for Mobile App
  • Mobile App using Bar code
  • Custom Date Picker in Mobile

Cards

  • Capturing Card Items

DataTable

  • Customising Data Table Row Action
  • How to Configure Row Expansion in a Data Table
  • Using Widgets to represent Data Table Columns
  • View Master-Detail Data Records using Data Table
  • Add Master-Detail records using Data Table
  • Export Data from Data Table
  • Export Data from Data Table - 2
  • Setting Blob Filename
  • Dynamic Data Tables
  • Customize Dynamic Datatable
  • Data Table Column bound to Query
  • Combining Columns in Data Table
  • Custom Styling Data Table Columns & Rows
  • Formatting Data Table Columns
  • Concurrency and Record Locking in WaveMaker
  • Edit DataTable records bound to Query API

List

  • Creating an Employee List grouped by City
  • Creating an Employee List grouped by Birth Month and City
  • OnRender Event
  • Including a Data Table within a List
  • Building an Editable List
  • Building Cascading Lists
  • Accessing List Items
  • Localization of Data Table Column Headings

Forms

  • Using Live Form
  • How Tos: Form
  • Building Tabbed Live Form
  • How Tos: Live Form
  • Linking Live Form with another Widget for Input
  • Handling Related Fields in a Live Form
  • How to Get Validation Messages from a Form
  • Adding Master-Detail records in the same transaction
  • Submit Parent and Child Records in a Single Transaction
  • Submit Parent and Child Records in a Single Transaction using Form and Data Table
  • Using Cascading Select & Autocomplete for Live Form Fields
  • Using Cascading Select within Live Form
  • Using cascading Filter to populate Live Form
  • Using Wizard for Master-Detail Live Form
  • Copy to Clipboard
  • Create a form with multiple wizard steps
  • Smart Forms: Conditional Flows for form Widget

Calendar

  • How Tos: Calendar
  • Calendar Usage - Create an Event
  • Calender Usage - Google Calendar Integration

CheckboxSet

  • CheckboxSet to Filter List data

FileUpload

  • FileUpload - Basic Usage
  • File Upload Widget Operations
  • Upload File & Save in Database
  • File Upload & Blob Data
  • File Upload - Custom Directory
  • Accessing File Upload from Java Code
  • Upload Files from Live Form & Form

Radioset

  • Radioset to Filter a List

Rating

  • Building Rating Widget using Static Data
  • Building Rating Widget using Static Variable
  • Build Rating Widget using Model Variable
  • Building an Interactive Rating Widget

Select

  • Configuring Select Widget from a Static List of Values
  • Configuring Select Widget from a Static Variable
  • Configuring Select Widget from a Variable
  • Configuring Select Widget using Display and Data Fields
  • Configuring Select Widget from Database Fields
  • Configuring Cascading Select
  • Selection Widgets - Use Case

Progress Circle

  • Using Progress Circle Widget

Charts

  • Working with Charts
  • Display User Selection in another Widget
  • Handling Dynamic Data
  • Custom Data

Richtext Editor

  • Adding Custom Fonts to Richtext Editor

Live filter

  • Applying Live Filter to a Data Table or a Chart
  • Building a Multiple Selection Live Filter
  • Building a Range Live Filter

Container

  • Setting partial page content for Accordion within a List
  • Setting partial page content for Panel within a List using JavaScript
  • How Tos: Wizard
  • Dynamic Tabs and Accordions

Tree

  • Tree using Static Variable
  • Tree using Java Service
  • Tree using Dynamic Tree

Prefabs

  • Creating Partials in a Prefab
  • Create Prefab using Third Party UI Widgets
  • Create a Simple Prefab
  • Create Prefab Using D3 & NVD3 Charts
  • Create Prefab Using D3 Library DataMaps
  • Create Prefab using JQuery Plugin
  • Create Prefab using Angular Module
  • Create Prefab using Angular, React Components
  • Azure OAuth Prefab Integration

Team Poral Configure Vcs

  • Configure Azure Repos In CodeRepository
Edit

Customizing Post Authentication Handlers

In a Security enabled WaveMaker app, post-authentication the following actions are performed.

  1. The Default Success Handler, which includes generation of CSRF token, storing the session context, etc., gets invoked.
  2. Next, any custom authentication success handlers provided by the app developer are triggered.
  3. Post authentication redirection handler will be triggered. This can either be the default redirection handler provided by WaveMaker or any custom redirection handler provided by the app developer.

This section shows how custom post-authentication success handler and custom redirection handler can be implemented.

Custom Post-Authentication Success Handler

Post-Authentication Success Handlers, in addition to the default one, can be implemented as per app requirements. At app runtime, WaveMaker will automatically trigger these custom handlers.

Creating custom post-authentication success handler involves the following steps.

  • Creation of a package structure in src/main/java.
  • Creating the interface implementation in that package.
  • Declaring the custom post-authentication success handler implementation (along with the package name) in project-user-spring.xml.
note

Multiple implementations can be provided as per your app requirements by following the above-mentioned steps for each handler.

Creating a Package Structure

Create the package folder structure under src/main/java. If you want to name your package, see the following example.

Interface to Implement

After creating the package structure, the following interface needs to be implemented in that package for creating a custom post-authentication success handler.

public interface WMAuthenticationSuccessHandler {
void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
                             WMAuthentication authentication) throws IOException, ServletException;
}

For example, the following MyCustomAuthenticationSuccessHandler fetches lastAccessedTime of the authenticated user and sets it in the custom attributes.

Change the package name according to your requirements.

package com.mycompany.myapp.security;

import com.wavemaker.runtime.security.handler.WMAuthenticationSuccessHandler;
import com.wavemaker.runtime.security.WMAuthentication;

public class MyCustomAuthenticationSuccessHandler implements WMAuthenticationSuccessHandler {

 /**
  *It's a database service, which contains user information. 
  */
  @Autowired
  private UserInfoService userInfoService; 

  @Override
   public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
                                       WMAuthentication authentication) throws IOException, ServletException {

        UsernamePasswordAuthenticationToken authenticationToken = 
               (UsernamePasswordAuthenticationToken)authentication.getAuthenticationSource();

        String username = authenticationToken .getPrincipal();
        long  lastAccessedTime = userInfoService.getById(username).getLastAccesedTime();

       /**
        * Adding lastAccessedTime to custom attributes, which is visible both to client and server.
        */
        authentication.addAttribute(“lastAccessedTime” , lastAccessedTime , Attribute.AttributeScope.ALL);

       /**
        * Adding one more attribute which with scope SERVER_ONLY
        */
        authentication.addAttribute(“lastValidatedTime” , System.currentTimeMillis() , 
                                Attribute.AttributeScope.SERVER_ONLY);

   }
}

Custom Handler Declaration

Declare the above-created custom post-authentication success handler implementation (along with the package name) in project-user-spring.xml.

<bean id="customAuthenticationSuccessHandler" 
      class="<package_name>.MyCustomAuthenticationSuccessHandler"/>

At app runtime, WaveMaker will automatically trigger these custom handlers. Follow the above approach for adding multiple success handlers.

WMAuthentication Class

WMAuthentication wrapper class holds authentication information like principal, loginTime, userId and the original authentication object. This wrapper class has the following structure.

public class WMAuthentication extends AbstractAuthenticationToken {
   private Map<String, Attribute> attributes = new HashMap<>();
   private String principal;    
   private long loginTime;
   private String userId;
   @JsonIgnore
   private transient Authentication authenticationSource;
   public WMAuthentication() {
   }
   public WMAuthentication(Authentication authenticationSource) {
   }
   @Override
   public Object getCredentials() {
       return null;
   }
   @Override
   public String getPrincipal() {
       return principal;
   }
   public Map<String, Attribute> getAttributes() {
       return attributes;
   }
   public String getUserId() {
       return userId;
   }
   public Authentication getAuthenticationSource() {
       return authenticationSource;
   }
   public long getLoginTime() {
       return loginTime;
   }

   public void setLoginTime(long loginTime) {
       this.loginTime = loginTime;
   }

   public void addAttribute(String key, Object value, Attribute.AttributeScope scope) {
       attributes.put(key, new Attribute(scope, value));
   }
}

You can add custom attributes using the addAttribute method. You need to implement methods in the WMAuthenticationSuccessHandler interface and call the below method of WMAuthentication object to add any custom attributes.

public void addAttribute(String key, Object value, Attribute.AttributeScope scope) {
    attributes.put(key, new Attribute(scope, value));
}

Adding Custom Attributes

You can attach additional information to the logged in user using the custom attribute. These attribute are made available in the logged-in user context and they can be retrieved in both UI & backend as per your needs.

Attribute Class

Each attribute is associated with a key, value, and scope.

public class Attribute implements Serializable{
   private AttributeScope scope;
   private Object value;
   public Attribute(AttributeScope scope, Object value) {
       this.scope = scope;
       this.value = value;
   }
   public AttributeScope getScope() {
       return scope;
   }
   public Object getValue() {
       return value;
   }
   public enum AttributeScope {
       /**
       *  This attributescoped variables will be visible to both client and server.
       */
       ALL,
       /**
       * This attributescoped variables will be visible only to the server.
       */
      SERVER_ONLY;
   }
}

Attribute Scope

AttributeScope determines whether the attribute is server only property or can be visible to both client and server. You can filter out the custom attributes from being visible to the client by setting Attribute.AttributeScope property.

public enum AttributeScope {
   /*
   *  This attributescoped variables will be used both in backend and frontend.
   */
   ALL,
   /*
   * This attributescoped variables get's persisted only in backend.
   */
   SERVER_ONLY;
}

Attaching to the Logged-in User

You can add custom attributes using the addAttribute method. You need to implement methods in the WMAuthenticationSuccessHandler interface and call the below method of WMAuthentication object to add any custom attributes.

public void addAttribute(String key, Object value, Attribute.AttributeScope scope) {
    attributes.put(key, new Attribute(scope, value));
}

Post-Authentication Redirection Handler

Post authentication, the default Redirection Handler redirects to the appropriate landing page based upon the logged-in users' role.

To customize the redirection, implement the following interface and declare as a bean with id: wmAuthenticationSuccessRedirectionHandler in project-user-spring.xml.

Interface to implement

public interface WMAuthenticationRedirectionHandler {
void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, 
                             WMAuthentication authentication) throws IOException, ServletException;
}

Handler declaration

Declare the following bean in the project-user-spring.xml.

<bean id="wmAuthenticationSuccessRedirectionHandler" 
      class="<package_name>.MyAuthenticationRedirectionHandler"/>
Last updated on 12/10/2019 by Swetha Kundaram
← Multiple Security Provider ImplementationConfiguring Content-Security-Policy →
  • Custom Post-Authentication Success Handler
    • Creating a Package Structure
    • Interface to Implement
    • Custom Handler Declaration
  • WMAuthentication Class
    • Adding Custom Attributes
    • Attribute Class
    • Attribute Scope
    • Attaching to the Logged-in User
  • Post-Authentication Redirection Handler
    • Interface to implement
    • Handler declaration
WaveMaker
  • PRICING
  • PARTNERS
  • CUSTOMERS
  • ABOUT US
  • CONTACT US
Terms of Use | Copyright © 2013-2023 WaveMaker, Inc. All rights reserved.