In this example we will create a simple authorization app with login/sign up scenarios and session management.
ActiveJ doesn't include built-in authorization modules or solutions, as this process may vary significantly depending on the project's business logic. This example represents a simple "best practice" which you can extend and modify depending on your needs. You can find full example sources on GitHub.
In this example we will consider only the server, which is built with ActiveJ AsyncServlet. This approach lets you create an embedded application server in about 100 lines of code with no additional XML configuration or third-party dependencies.
Let's create an AuthLauncher, which is the main part of the application as it manages the application lifecycle, routing and authorization processes. We will use ActiveJ HttpServerLauncher and extend it:
Let's explore the provided objects in more detail:
- AuthService - authorization and registration logic
- Executor - needed for StaticLoader
- StaticLoader - loads static content from
- SessionStore - handy storage for information about sessions
- AsyncServlet servlet - the main servlet that combines public and private servlets (for authorized and unauthorized sessions). As you can see, due to DI, this servlet only requires two servlets without their own dependencies
Now let's provide the public and private servlets.
AsyncServlet publicServlet - manages unauthorized sessions:
Let's take a closer look at how we set up routing for servlets. The ActiveJ approach resembles Express. For example, here's the request to the homepage for unauthorized users:
map(@Nullable HttpMethod method, String path, AsyncServlet servlet) adds the route to the
- method (optional) is one of the HTTP methods (
- path is the path on the server
- servlet defines the logic of request processing. If you need to get some data from the request while processing, you can use:
  - request.getQueryParameter(String key) (see example of query parameter usage) to provide the key of the needed parameter and receive back a corresponding String
  - request.getPostParameters() to get a Map of all request parameters
GET requests with paths "/login" and "/signup" upload the needed HTML pages.
POST requests with paths "/login" and "/signup" take care of log in and sign up logic respectively:
Pay attention to the POST "/login" route. serveFirstSuccessful() takes two servlets and waits until one of them finishes processing successfully. So if authorization fails, a Promise of null will be returned (AsyncServlet.NEXT), which means fail. In this case, a simple StaticServlet will be created to load the errorPage.
A successful login will generate a session id for the user and save the string "My saved object in session" to the session store. It will also redirect the user to "/members".
Now, let's get to the next servlet that handles authorized sessions.
AsyncServlet privateServlet - manages authorized sessions:
First, it redirects requests from homepage to "/members":
Next, it takes care of all requests that go after the "/members" path:
Pay attention to the path "/members/*". * is a variable for the next part of the path. It states that this servlet will process any path segment that goes after "/members/".
For example, this route:
is a GET request for "/members/cookie" path. This request shows all cookies stored in the session.
A request can have an attachment map where any content can be mapped to some type, i.e. String. By default, requests have no attachments. In this case, the request contains 'cookies' as an attachment that's mapped to the
"/members/logout" logs the user out, deletes all cookies related to this session and redirects the user to the homepage.
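The session lifecycle from the login, "/members/cookie" and "/members/logout" passages above, as an added plain-JDK sketch that is not code from the ActiveJ example. The class SessionFlowSketch, its methods, the 30-minute TTL, the 128-bit SecureRandom session id and the demo credentials are all assumptions made for illustration, not ActiveJ's AuthService or SessionStore.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;

// Added sketch, plain JDK only: hypothetical stand-ins, not ActiveJ classes.
public final class SessionFlowSketch {
    private record Session(String savedObject, Instant expiresAt) {}
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final Map<String, Session> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final BiPredicate<String, String> authService; // credentials check
    SessionFlowSketch(BiPredicate<String, String> authService) { this.authService = authService; }

    // An empty result models the "Promise of null" fallthrough to the error page.
    Optional<String> login(String user, String password) {
        if (!authService.test(user, password)) return Optional.empty();
        byte[] raw = new byte[16]; // 128 bits from a CSPRNG, so the id cannot be guessed
        random.nextBytes(raw);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(sessionId, new Session("My saved object in session", Instant.now().plus(TTL)));
        return Optional.of(sessionId);
    }

    // Private routes resolve the session on every request; expired entries are dropped.
    Optional<String> lookup(String sessionId) {
        Session s = sessionId == null ? null : store.get(sessionId);
        if (s != null && Instant.now().isBefore(s.expiresAt())) return Optional.of(s.savedObject());
        if (s != null) store.remove(sessionId);
        return Optional.empty();
    }

    // Logout removes the server-side entry, so a replayed cookie value no longer resolves.
    void logout(String sessionId) { if (sessionId != null) store.remove(sessionId); }

    public static void main(String[] args) {
        // Constructed demo check; production code should verify a salted password hash instead.
        SessionFlowSketch app = new SessionFlowSketch((u, p) -> u.equals("alice") && p.equals("s3cret"));
        System.out.println("bad login falls through to error page: " + app.login("alice", "wrong").isEmpty());
        String id = app.login("alice", "s3cret").orElseThrow();
        System.out.println("/members/cookie shows: " + app.lookup(id).orElse("<none>"));
        app.logout(id);
        System.out.println("session valid after logout: " + app.lookup(id).isPresent());
    }
}
```

Requires Java 16 or later because of the record declaration.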
After the public and private servlets are set up, we define the main() method, which will start our launcher:
If you want to run the example, clone ActiveJ and import it as a Maven project. Check out branch v4.3. Before running the example, build the project (Ctrl + F9 for IntelliJ IDEA).
AuthLauncher class and run its main() method.
Then open your favorite browser and go to localhost:8080. Try to sign up and then log in. When logged in, check out the cookies saved for your session. You will see the following content:
My saved object in session.
Finally, try to log out. You can also try to log in with an invalid login or password.