EzyFox Server Login
Updated at 16856854530001. Use username and password
In this way, client will send to EzyFox server an username and password. And in the UserLoginController you need validate that credential like this:
String password = event.getPassword(); if (username.length() < 6) { throw new EzyLoginErrorException(EzyLoginError.INVALID_USERNAME); } if (password.length() < 6) { throw new EzyLoginErrorException(EzyLoginError.INVALID_PASSWORD); } // query to database to check username and password
You can find out full source code in UserLoginController example.
2. Use access token
Nowaday, we rarely use username and password to login to a socket server. We usually have a http server to login and recevie an token for other service. You can apply this flow fo EzyFox server with some steps:
- Client send login request to a HTTP server to login with a username and password. For HTTP Server, you can use EzyHTTP a framework for HTTP Server and Client, For example hello-world-rest-api
- HTTP server validate the username, password and return an access token if the validation is OK. HTTP server will save token to the database
- Client send login request to EzyFox Server with the access token
- EzyFox server call to the database to validate the access token and get the user information
This is a very simple access token validation use AES algorithm without database acess:
try { byte[] usernameBytes = EzyAesCrypt.getDefault().decrypt( EzyBase64.decode(token), CommonConstants.TOKEN_ENCRYPTION_KEY.getBytes() ); String username = new String(usernameBytes); event.setUsername(username); } catch (Exception e) { throw new EzyLoginErrorException(EzyLoginError.INVALID_TOKEN); }
You can find out full source code in UserLoginController example. From client, you will send the access token via login data, with Java it will looks like this:
return new EzyLoginRequest( ZONE_NAME, "", "", newObject("accessToken", accessToken) );
You should not send the access token via username and password, becase they have difference meaning and regex pattern. For full example, you can look at HelloWorldClient You can find out full source code in hello-world example.
Next step
You can setup SSL for websocket