LoginHandler extends ActionEdgeSource, ContainsFunctions, ContainsOperations, ContainsValues, ContainsWires, GeneratesElements, NamedElement, ParameterEdgeDestination, Wireable

Examples

• LoginHandlerInstanceComplete.iaml (source)
  • The complete wire-based implementation of a LoginHandler (selecting a DomainType) [LoginHandlerInstanceComplete]
• LoginHandlerInstanceMultiple.iaml (source)
  • Restricting access to a Session with a LoginHandler (based on selecting a DomainType instance)that requires two valid Parameters. [LoginHandlerInstanceMultiple]
• UserRolesLoginHandler.iaml (source)
  • Restricting access to frames containedwithin a Session by enforcing user loginand checking the current user has a given Role. [UserRolesLoginHandler]

Implementation Notes

• If a LoginHandler (selecting a DomainType) has an outgoing navigation to a Frame named 'logout', the successfullogout of the current user will be redirected to this page. [LoginHandlerInstanceComplete]
• If a LoginHandler (selecting a DomainType) has an outgoing navigation to a Frame named 'success', the successfullogin of the current user will be redirected to this page. [LoginHandlerInstanceComplete]
• A LoginHandler (selecting a DomainType) needs incoming DomainAttributes as Parameters in orderto select the valid instance. [LoginHandlerInstanceMultiple]
• The generated Value containing the current password for a LoginHandler is set before it is evaluated whether the instance actually exists, thus the Value may not be valid. [login-handler]

Inference Rules

• A LoginHandler is generated for a Frame contained within a Session that contains an AccessControlHandler. [users]
• An AccessControlHandler protecting a Session with a defined Role-based access requirement will provide the default Role as a Parameter to the created LoginHandler. [users]
• The DomainIterator representing the current instance of an AccessControlHandler check, protecting a Frame within a Session, will be provided as a Parameter to the generated LoginHandler. [users]
• The DomainIterator representing the current instance of an AccessControlHandler check, protecting a Session, will be provided as a Parameter to the generated LoginHandler. [users]
• A LoginHandler is generated for a Session that contains an AccessControlHandler. [users]
• A LoginHandler of type SECRET_KEY will connect to a Value named 'current login key' as the stored key using a SetWire named 'set'. [login-handler]
• A LoginHandler will have an Operation named 'do login'. [login-handler]
• A Scope protected by a LoginHandler will define a separate login Session, allowing session-unique authentication. [login-handler]
• If a LoginHandler has a defined outgoing ECARule named 'fail', then this rule should be executed after a failed 'do login' ActivityOperation. [login-handler]
• If a LoginHandler has a defined outgoing ECARule named 'success', then this rule should be executed after a successful 'do login' ActivityOperation. [login-handler]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the AccessControlHandler requires a Permission without a Role, and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the handlers both use different DomainTypes (for example, with inheritance), and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the handlers both use the same DomainTypes, and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]
• A LoginHandler of type DOMAIN_OBJECT will create an ActivityOperation 'check instance' within the protected Session. [login-handler]
• A LoginHandler of type SECRET_KEY will create an ActivityOperation 'check key' within the protected Session. [login-handler]
• A LoginHandler of type USER will create an ActivityOperation 'check instance' within the protected Session. [login-handler]
• A LoginHandler will define an Operation named 'do logout' within the protected Scope. [login-handler]
• An ActivityOperation named 'check instance', used to check the status of a LoginHandler of type DOMAIN_OBJECT that a DomainIterator is not empty, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'check instance', used to check the status of a LoginHandler of type USER that a DomainIterator is not empty, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'check key', used to check the status of a LoginHandler of type SECRET_KEY against an incoming Parameter to the handler, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do login', used to actually implement the login operation of a LoginHandler of type DOMAIN_KEY, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do login', used to actually implement the login operation of a LoginHandler of type SECRET_KEY, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do login', used to actually implement the login operation of a LoginHandler of type USER, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do logout' of a LoginHandler of type DOMAIN_OBJECT will reset all of the stored keys for each DomainAttribute used as a Parameter to the handler to an empty Value. [login-handler]
• An ActivityOperation named 'do logout' of a LoginHandler of type USER will reset all of the stored keys for each DomainAttribute of the Role used as a Parameter to the handler to an empty Value. [login-handler]
• An ActivityOperation named 'do logout', used to actually implement the logout operation of a LoginHandler of type DOMAIN_OBJECT, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do logout', used to actually implement the logout operation of a LoginHandler of type SECRET_KEY, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• An ActivityOperation named 'do logout', used to actually implement the logout operation of a LoginHandler of type USER, will be completed with the necessary ActivityNodes to implement this functionality. [login-handler]
• Every DomainAttribute of the Role provided as a Parameter to a LoginHandler of type USER will be available as a named ActivityParameter of the 'do login' ActivityOperation. [login-handler]
• Every DomainAttribute provided as a Parameter to a LoginHandler of type DOMAIN_OBJECT will be available as a named ActivityParameter of the 'do login' ActivityOperation. [login-handler]
• A login Frame for a LoginHandler of type SECRET_KEY will contain an InputTextField named 'login key'. [login-handler]
• A login Frame for a LoginHandler will contain an Button named 'login'. [login-handler]
• The 'login' Button in the login Frame for a LoginHandler will execute the 'do login' Operation within the LoginHandler when the button is clicked. [login-handler]
• A Session protected by a LoginHandler of type DOMAIN_OBJECT will contain a DomainIterator 'current instance' to represent the current domain object instance. [login-handler]
• A Session protected by a LoginHandler of type USER will contain a DomainIterator 'current instance' to represent the current domain object instance. [login-handler]
• The query of a DomainIterator used to set a LoginHandler of type DOMAIN_OBJECT will be updated according to the DomainType of the handler. [login-handler]
• The query of a DomainIterator used to set a LoginHandler of type USER will be updated according to the DomainAttributes provided as Parameters to the handler. [login-handler]
• The query of a DomainIterator used to set a LoginHandler of type USER will be updated according to the Role of the handler. [login-handler]
• The query of a DomainIterator used to set a LoginHandler of type USER will be updated according to the Role of the handler. [login-handler]
• The query of a DomainIterator used to set a LoginHandler of type USER will be set according to the DomainAttributes provided as Parameters to the handler. [login-handler]
• A Frame contained by a Session protected by a LoginHandler of type SECRET_KEY will execute the 'check key' Operation with a high priority when the frame is accessed. [login-handler]
• If a LoginHandler has a defined outgoing ECARule named 'logout', then this rule should be executed after a successful 'do logout' ActivityOperation. [login-handler]
• If a LoginHandler has an outgoing navigation rule named 'logout', then this navigation rule will be executed when the logout Frame is accessed. [login-handler]
• If no 'logout' ECARule is defined for a LoginHandler, then the 'logout successful' Frame will be defined as the 'logout' ECARule. [login-handler]
• If no 'success' ECARule is defined for a LoginHandler, then the 'login successful' Frame will be defined as the 'success' ECARule. [login-handler]
• When the logout Frame for a LoginHandler is accessed, the 'do logout' Operation will be called. [login-handler]
• A Scope protected by a LoginHandler will create a login Frame named 'login' within the login Session. [login-handler]
• A Scope protected by a LoginHandler will create a logout Frame named 'logout' within the same Scope. [login-handler]
• If no 'logout' ECARule is defined for a LoginHandler, then a default 'logout successful' Frame will be created. [login-handler]
• If no 'success' ECARule is defined for a LoginHandler, then a default 'login successful' Frame will be created. [login-handler]
• The login Frame created for a LoginHandler protecting a Scope will be provided as the login rule for the LoginHandler if none is specified. [login-handler]
• A login Frame for a LoginHandler will contain an InputForm named 'login form'. [login-handler]
• A login Frame for a LoginHandler of type DOMAIN_OBJECT will contain an InputTextField for every DomainAttribute defined as a Parameter to that LoginHandler. [login-handler]
• A login Frame for a LoginHandler of type USER will contain an InputTextField for every non- primary key DomainAttribute within the Role defined as a Parameter to that LoginHandler. [login-handler]
• A Frame contained by a Session protected by a LoginHandler of type SECRET_KEY will navigate to the login Frame if the 'check key' Operation fails. [login-handler]
• A Frame contained by a Session protected by a LoginHandler of type SECRET_KEY will provide the stored key as a Parameter to the executed 'check key' Operation. [login-handler]
• Each Value 'current XXX' set by a a LoginHandler of type DOMAIN_OBJECT will be provided as a Parameter to the handler. [login-handler]
• Every InputTextField defined in the login form for the login Frame for a LoginHandler of type DOMAIN_OBJECT will be provided as a named Parameter to the 'do login' Operation of the handler. [login-handler]
• Every InputTextField defined in the login form for the login Frame for a LoginHandler of type USER will be provided as a named Parameter to the 'do login' Operation of the handler. [login-handler]
• A DomainIterator within a Session protected by a LoginHandler of type DOMAIN_OBJECT or USER without a specified SelectEdge will use the same DomainSource as the DomainType used as a Parameter to that handler. [login-handler]
• A DomainIterator within a Session protected by a LoginHandler of type DOMAIN_OBJECT without a specified SelectEdge will use the same DomainSource as the DomainType that defines the DomainAttribute used as a Parameter to that handler. [login-handler]
• A DomainIterator within a Session protected by a LoginHandler of type USER without a specified SelectEdge will use the same DomainSource as the DomainType that defines the DomainAttribute used as a Parameter to that handler. [login-handler]
• A DomainIterator 'current instance' created for a LoginHandler of type DOMAIN_OBJECT will be provided as the set target of the handler. [login-handler]
• A DomainIterator 'current instance' created for a LoginHandler of type USER will be provided as the set target of the handler. [login-handler]
• A LoginHandler of type DOMAIN_OBJECT will connect each Value named 'current XXX' using SetWires named 'set'. [login-handler]
• A LoginHandler of type USER will connect each Value named 'current XXX' using SetWires named 'set'. [login-handler]
• A LoginHandler of type DOMAIN_OBJECT will define a Value named 'current XXX' in the protected Session for each DomainAttribute used as a Parameter to the handler. [login-handler]
• A LoginHandler of type SECRET_KEY will define a Value named 'current login key' in the protected Session as the stored key, if no outgoing SetWire named 'set' from the LoginHandler is defined. [login-handler]
• A LoginHandler of type USER will define a Value named 'current XXX' in the protected Session for each DomainAttribute used as a Parameter to the handler. [login-handler]

Constraints

• "A login handler must have an incoming parameter to check against" [Checks.chk]
• "All incoming DomainAttribute parameters for a DOMAIN_OBJECT LoginHandler must belong to the same DomainType" [Checks.chk]
• "A login handler of type DOMAIN_OBJECT must have at least one incoming parameter of type DomainAttribute" [Checks.chk]
• "A login handler of type SECRET_KEY must have exactly one incoming parameter" [Checks.chk]
• "A login handler of type USER must have at least one incoming parameter of type Role or Permission" [Checks.chk]
• "A LoginHandler[user] can not have more than one incoming Parameter" [Checks.chk]
• "A login handler of type SECRET_KEY cannot have an incoming Role as a parameter" [Checks.chk]
• "Some of the ECARules defined for this trigger may not be executed, as an unconditional navigation will occur due to the priority order, halting ECARule execution" [Checks.chk] [from ActionEdgeSource]
• "You should not have a contained Property named 'fieldValue', unless it is contained within the fieldValue containment feature" [Checks.chk] [from ContainsValues]

Attributes

• type : LoginHandlerTypes (required)
  The authentication method of this LoginHandler.
  Accepted literals: SECRET_KEY, DOMAIN_OBJECT, USER

Inherited Attributes

• generatedRule : EString (optional)
  To assist in debugging, this attribute may be populated with the name of the model completion rule that created this element. More extensive traceability support may be provided in the future.
• id : EString (optional)
  A unique identifier for this model element. Should be globally unique.
• isGenerated : EBoolean (optional)
  Set to true if the current element has been generated.
• name : EString (optional)
  A non-unique string that names a given object.
• overridden : EBoolean (optional)
  If a GeneratesElements is overridden, then this element will not generate any elements directly.
• overriddenNames : EString (optional)
  When applying model completion, no NamedElements with these names will be generated by this element.

Children

Inherited Children

• conditionEdges : [0...*] SimpleCondition
  A list of contained SimpleConditions.
• constraintEdges : [0...*] ConstraintEdge
  A list of contained ConstraintEdges.
• ecaRules : [0...*] ECARule
  A list of contained ECARules.
• extendsEdges : [0...*] ExtendsEdge
  A list of contained ExecutionEdges.
• functions : [0...*] Function
  A list of contained Functions.
• operations : [0...*] Operation
  A list of contained Operations.
• parameterEdges : [0...*] Parameter
  A list of contained Parameters.
• providesEdges : [0...*] ProvidesEdge
  A list of contained ProvidesEdges.
• requiresEdges : [0...*] RequiresEdge
  A list of contained RequiresEdges.
• schemaEdges : [0...*] SchemaEdge
  A list of contained SchemaEdges.
• selectEdges : [0...*] SelectEdge
  A list of contained SelectEdges.
• values : [0...*] Value
  A list of contained Values.
• wires : [0...*] Wire
  A list of contained Wires.

References

Inherited References

• generatedBy : [0...*] GeneratesElements [opposite: generatedElements]
  A list of elements that generated this element; conversely, overriding the source will prevent this element from being created.
• generatedElements : [0...*] GeneratedElement [opposite: generatedBy]
  A list of GeneratedElements that this element has generated through model completion.
• inParameterEdges : [0...*] Parameter [opposite: parameterTerm]
  A list of incoming Parameters.
• inWires : [0...*] Wire [opposite: to]
  A list of incoming Wires.
• listeners : [0...*] ECARule [opposite: trigger]
  A list of outgoing ECARules.
• outWires : [0...*] Wire [opposite: from]
  A list of outgoing Wires.

Extensions

Inherited Extensions

• List[model::Operation] allContainerOperations(model::ContainsOperations this) [GeneratorExtensions.ext]
• availableInCurrentScript(model::WireSource source,model::WireDestination target) [GeneratorExtensions.ext]
• availableInCurrentScriptAction(model::ActionEdgeSource source,model::Action target) [GeneratorExtensions.ext]
• model::visual::Frame containingFrame(model::NamedElement this) [Extensions.ext]
• model::Scope containingScope(model::NamedElement this) [GeneratorExtensions.ext]
• model::visual::Frame frameContainingOperation(model::NamedElement this) [GeneratorExtensions.ext]
• getFailHandler(model::ActionEdgeSource this) [GeneratorExtensions.ext]
• onCurrentFrame(model::WireSource source,model::WireDestination target) [GeneratorExtensions.ext]
• onCurrentSession(model::WireSource source,model::WireDestination target) [GeneratorExtensions.ext]
• safeName(model::GeneratedElement this) [GeneratorExtensions.ext]
• simpleName(model::NamedElement this) [GeneratorExtensions.ext]