A Scope may contain at most one LoginHandler. All access to elements within this Scope, or its children Scopes, must first satisfy the LoginHandler. The method in which a LoginHandler may be satisfied depends on the type of the LoginHandler. A LoginHandler must have at least one incoming Parameter in order to specify the necessary credentials.
A LoginHandler must provide a login interface, in which the current user can provide credentials in order to satisfy the LoginHandler. A LoginHandler must also provide a logout interface, in which the current user can remove credentials used to satisfy the LoginHandler. Any credentials supplied by the user to satisfy the LoginHandler are stored according to the storage semantics of the protected Scope.
A secret key LoginHandler must have exactly one incoming Parameter from a value instance element, specifying a particular password. When accessing a Scope protected by a secret key LoginHandler, this password must first be provided by the user.
A domain object LoginHandler must have at least one incoming Parameter, each from a DomainAttribute instance. All incoming DomainAttributes must belong either directly or indirectly (through inheritance) to a single DomainType (the target schema).
The login interface for this LoginHandler must therefore provide one user interface element per incoming DomainAttribute in order to provide query values. When accessing a Scope protected by a domain object LoginHandler, these query values will be used in order to select a valid instance. A domain object LoginHandler will only be satisfied if there exists at least one valid instance for these query values.
A domain object LoginHandler may have any number of outgoing SetWires to DomainIterators. When a LoginHandler is satisfied, all of these DomainIterators will be populated with the valid DomainType instances selected. If this LoginHandler is not satisfied, these DomainIterators will be empty.
[LoginHandler.html]SECRET_KEY
will
connect to a Value
named 'current login key' as the stored key using a
SetWire named 'set'.
[login-handler]
DOMAIN_OBJECT
or USER
, but the
AccessControlHandler requires
a Permission
without a Role,
and which does not specify a SelectEdge,
will use the same DomainSource
as the DomainType
used as a Parameter
to the AccessControlHandler.
[login-handler]
DOMAIN_OBJECT
or USER
, but the handlers both use
different DomainTypes
(for example, with inheritance),
and which does not specify a SelectEdge,
will use the same DomainSource
as the DomainType
used as a Parameter
to the AccessControlHandler.
[login-handler]
DOMAIN_OBJECT
or USER
, but the handlers both use
the same DomainTypes,
and which does not specify a SelectEdge,
will use the same DomainSource
as the DomainType
used as a Parameter
to the AccessControlHandler.
[login-handler]
DOMAIN_OBJECT
will create an ActivityOperation
'check instance' within the protected
Session.
[login-handler]
SECRET_KEY
will
create an ActivityOperation
'check key' within the protected Session.
[login-handler]
USER
will create
an ActivityOperation
'check instance' within the protected
Session.
[login-handler]
DOMAIN_OBJECT
that a DomainIterator
is not empty,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
USER
that a
DomainIterator
is not empty,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
SECRET_KEY
against
an incoming Parameter
to the handler, will be completed with the necessary
ActivityNodes to implement this functionality.
[login-handler]
DOMAIN_KEY
,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
SECRET_KEY
,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
USER
, will be
completed with the necessary ActivityNodes
to implement this functionality. [login-handler]
DOMAIN_OBJECT
will reset all of the stored keys for each DomainAttribute
used as a Parameter
to the handler to an empty Value.
[login-handler]
USER
will reset all of the stored keys for each
DomainAttribute of the
Role used as a
Parameter to the handler to an empty Value.
[login-handler]
DOMAIN_OBJECT
,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
SECRET_KEY
,
will be completed with the necessary ActivityNodes to implement this functionality.
[login-handler]
USER
, will be
completed with the necessary ActivityNodes
to implement this functionality. [login-handler]
USER
will be
available as a named ActivityParameter
of the 'do login' ActivityOperation.
[login-handler]
DOMAIN_OBJECT
will be available as a named
ActivityParameter of the 'do login'
ActivityOperation.
[login-handler]
SECRET_KEY
will
contain an InputTextField
named 'login key'. [login-handler]
DOMAIN_OBJECT
will contain a DomainIterator
'current instance' to represent the current domain object instance.
[login-handler]
USER
will contain
a DomainIterator
'current instance' to represent the current domain object instance.
[login-handler]
DOMAIN_OBJECT
will be updated according to the DomainType
of the handler. [login-handler]
USER
will be
updated according to the DomainAttributes
provided as Parameters
to the handler. [login-handler]
USER
will be
updated according to the Role
of the handler. [login-handler]
USER
will be
updated according to the Role
of the handler. [login-handler]
USER
will be
set according to the DomainAttributes
provided as Parameters
to the handler. [login-handler]
SECRET_KEY
will
execute
the 'check key' Operation
with a high priority
when the frame is accessed.
[login-handler]
DOMAIN_OBJECT
will contain an InputTextField
for every DomainAttribute
defined as a Parameter
to that LoginHandler.
[login-handler]
USER
will contain
an InputTextField
for every non- primary
key DomainAttribute
within the Role
defined as a Parameter
to that LoginHandler.
[login-handler]
SECRET_KEY
will
navigate
to the login Frame
if the 'check key' Operation
fails. [login-handler]
SECRET_KEY
will
provide the stored key as a Parameter to the executed 'check key' Operation.
[login-handler]
DOMAIN_OBJECT
will be provided as a Parameter
to the handler. [login-handler]
DOMAIN_OBJECT
will be provided as a named
Parameter to the 'do login'
Operation of the handler. [login-handler]
USER
will be provided as a named
Parameter to the 'do login'
Operation of the handler. [login-handler]
DOMAIN_OBJECT
or USER
without a specified
SelectEdge will use the same
DomainSource as the
DomainType used as a
Parameter to that handler. [login-handler]
DOMAIN_OBJECT
without a specified SelectEdge
will use the same DomainSource
as the DomainType
that defines the DomainAttribute
used as a Parameter
to that handler. [login-handler]
USER
without
a specified SelectEdge
will use the same DomainSource
as the DomainType
that defines the DomainAttribute
used as a Parameter
to that handler. [login-handler]
DOMAIN_OBJECT
will be provided as the
set target of the handler. [login-handler]
USER
will be provided as the
set target of the handler. [login-handler]
DOMAIN_OBJECT
will connect each Value
named 'current XXX' using SetWires
named 'set'. [login-handler]
USER
will connect
each Value
named 'current XXX' using SetWires
named 'set'. [login-handler]
DOMAIN_OBJECT
will define a Value
named 'current XXX' in the protected Session for each
DomainAttribute used as a Parameter
to the handler. [login-handler]
SECRET_KEY
will
define a Value
named 'current login key' in the protected
Session as the stored key, if no
outgoing SetWire
named 'set' from the LoginHandler
is defined. [login-handler]
USER
will define
a Value
named 'current XXX' in the protected Session for each
DomainAttribute used as a Parameter
to the handler. [login-handler]
true
if the current element has been generated.