Simple example illustrating authentication and authorization with Lightstreamer when an external Web/Application Server is involved in the process.
JavaScript HTML CSS
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
build_r.js
src
.gitignore
LICENSE
README.md
screenshot.png
sequence_diagram.png
thumbnail.png

README.md

Lightstreamer - Authentication and Authorization Demo - HTML Client

The Lightstreamer Authentication and Authorization Demo is a simple example illustrating authentication and authorization mechanisms when an external Web/Application Server is involved in the process.

This project includes a simple web client front-end example for the Lightstreamer - Authentication and Authorization Demo - Java Adapter.

Live Demo

screenshot

View live demo

Details

This Authentication and Authorization Demo illustrates the typical best practice used for Lightstreamer Web applications, when a Web/Application server is involved in the process. The actual authentication is usually handled by the legacy Web/Application server, irrespective of Lightstreamer.

from src/index.js:

[...]

$.ajax({
  url: "js/login.js",
  type: "POST",
  data: {
    user: user,
    password: password,
  },

[...]

Some sort of token is sent back to the Client through cookies, response payload or any other technique. When the Web Client creates the Lightstreamer session, instead of sending again the full credentials (usually involving a password) to Lightstreamer Server, it sends just the username and the token.

from src/index.js:

[...]

lsClient.connectionDetails.setUser(user);
lsClient.connectionDetails.setPassword(token); //send the token, not the password, to the Lightstreamer server
lsClient.connect();

[...]

The Metadata Adapter is passed this information and validates the token against the Web/Application Server that generated it (or a database or whatever back-end system).

Here an overview of the whole sequence:

sequence diagram

In this demo client the Web/Application server is not actually involved and calls to placeholder methods are performed to obtain and extract the token.

Once the user is authenticated on the Lightstreamer server as explained above, the client interface presents a list of items that can be subscribed. Every time an item is subscribed the Lightstreamer Server proceeds with the authorization of the request; each one of the username available in the demo is bound to a list of items it is authorized to view. Again the server might use an external service to verify if the received request is a valid one or not: more details on this are shown in the Adapter project.

Install

If you want to install a version of this demo pointing to your local Lightstreamer Server, follow these steps:

  • The Lightstreamer - Authentication and Authorization Demo - Java Adapter has to be deployed on your local Lightstreamer Server instance. Please check out that project and follow the installation instructions provided with it.
  • Download this project.
  • Deploy this demo on the Lightstreamer Server (used as Web server) or in any external Web Server: copy there the contents of the /src folder of this project. The client demo configuration assumes that Lightstreamer Server and this client are launched on the same machine. If you need to target a different Lightstreamer server, please open the src/js/Constants.js and configure the SERVER element accordingly.
  • Lightstreamer JS client, RequireJS and jQuery are currently hot-linked in the html page: you may want to replace them with a local version and/or to upgrade their version.
  • Open your browser and point it to to the newly deployed folder.

See Also

Lightstreamer Adapters Needed by This Client

Lightstreamer Compatibility Notes

  • Compatible with Lightstreamer JavaScript Client library version 6.0 or newer.