ユーザーとセッション
REST requests can benefit from web user sessions, providing extra features such as multiple requests handling, data sharing between the web client processes, and user privileges.
4D Server上で RESTセッションを開くには、まずリクエストを送信するユーザーが認証されなければなりません。
ユーザー認証
You log in a user to your application by calling $directory/login in a POST request including the user's name and password in the header. This request calls the On REST Authentication database method (if it exists), where you can check the user's credentials (see example below).
セッションの開始
When scalable sessions are enabled (recommended), if the On REST Authentication database method returns true, a user session is then automatically opened and you can handle it through the Session object and the Session API. Subsequent REST requests will reuse the same session cookie.
If the On REST Authentication database method has not been defined, a guest session is opened.
例題
In this example, the user enters their email and password in an html page that requests $directory/login in a POST (it is recommended to use an HTTPS connection to send the html page). The On REST Authentication database method is called to validate the credentials and to set the session.
The HTML login page:
<html><body bgcolor="#ffffff">
<div id="demo">
<FORM name="myForm">
Email: <INPUT TYPE=TEXT NAME=userId VALUE=""><BR>
Password: <INPUT TYPE=TEXT NAME=password VALUE=""><BR>
<button type="button" onclick="onClick()">
Login
</button>
<div id="authenticationFailed" style="visibility:hidden;">Authentication failed</div>
</FORM>
</div>
<script>
function sendData(data) {
var XHR = new XMLHttpRequest();
XHR.onreadystatechange = function() {
if (this.status == 200) {
window.location = "authenticationOK.shtml";
}
else {
document.getElementById("authenticationFailed").style.visibility = "visible";
}
};
XHR.open('POST', 'http://127.0.0.1:8044/rest/$directory/login'); //rest server address
XHR.setRequestHeader('username-4D', data.userId);
XHR.setRequestHeader('password-4D', data.password);
XHR.setRequestHeader('session-4D-length', data.timeout);
XHR.send();
};
function onClick()
{
sendData({userId:document.forms['myForm'].elements['userId'].value , password:document.forms['myForm'].elements['password'].value , timeout:120})
}
</script></body></html>
When the login page is sent to the server, the On REST Authentication database method is called:
//On REST Authentication
#DECLARE($userId : Text; $password : Text) -> $Accepted : Boolean
var $sales : cs.SalesPersonsEntity
$Accepted:=False
//A '/rest' URL has been called with headers username-4D and password-4D
If ($userId#"")
$sales:=ds.SalesPersons.query("email = :1"; $userId).first()
If ($sales#Null)
If (Verify password hash($password; $sales.password))
fillSession($sales)
$Accepted:=True
End if
End if
End if
As soon as it has been called and returned
True, theOn REST Authenticationdatabase method is no longer called in the session.
The fillSession project method initializes the user session, for example:
#DECLARE($sales : cs.SalesPersonsEntity)
var $info : Object
$info:=New object()
$info.userName:=$sales.firstname+" "+$sales.lastname
Session.setPrivileges($info)
Use (Session.storage)
If (Session.storage.myTop3=Null)
Session.storage.myTop3:=$sales.customers.orderBy("totalPurchase desc").slice(0; 3)
End if
End use