Android - best practices for authorization

I am researching how to authenticate and authorize a user within an Android application.
For authentication there is the AccountManager, but I am not sure how to check whether the user is signed in or not. I know how to set up AccountAuthenticatorActivity and AuthenticatorService, but I am not sure how it's connected with the application.
Am I supposed to call some check on every onCreate in every activity to ensure that the user is signed in, or does the service do that for me somehow?
If I am supposed to do some regular checking, what is the best practice towards where such checking should be called?

It depends on your application, really. Unless you have a requirement for very strict security, like a financial application, government application, etc. I think you could get by with a simpler approach. For example, after a user logs in (however you choose to implement this) store a value in SharedPreferences to denote the user has authenticated. From here, you could do one of the following:
If your application requires you authenticate every activity/fragment you launch, simply check this SharedPreferences value. You could also create a base activity that all your other activities extend and do your authentication check there.
If you only need to authenticate once, modify your launcher activity in your manifest to check for this value. If the user has authenticated already, create a new Intent for your 'home' activity and redirect your user and finish() the launcher activity.

As always, it depends. Do you need to protect the whole app, or some particular activities, or some fragment in some activities? Take a look at the Mint app.
It asks the user to enter a passcode to access the app. For something like this, create a base activity, make all activities in your app inherit from it, and do the checking in the base activity.
If you need to secure just some activities, create a base activity just for these activities and do your security check there.
If it is for some portion of an activity, you have to roll up something specific for your workflow.
Just a tip: try to split your question into smaller problems; it makes it easier for people to answer.
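The base-activity check that both answers describe, as an added example (not code from either answer). The preference file, key names and the `loginActivity()` hook are assumptions; the local check only decides which screen to show, and the server is assumed to validate the token on every request.

```java
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;

/** Hypothetical base class: every screen that needs a signed-in user extends it. */
public abstract class AuthenticatedActivity extends Activity {
    // Assumed names; the login screen writes these after a successful sign-in.
    static final String PREFS = "session";
    static final String KEY_TOKEN = "token";
    static final String KEY_EXPIRES_AT_MS = "expires_at_ms";

    /** Subclasses name the login screen to fall back to. */
    protected abstract Class<? extends Activity> loginActivity();

    @Override
    protected void onResume() {
        super.onResume();
        // onResume runs on first display and on every return from the
        // background, so an expired session is caught without a timer thread.
        if (!hasValidSession()) {
            redirectToLogin();
        }
    }

    private boolean hasValidSession() {
        SharedPreferences prefs = getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        String token = prefs.getString(KEY_TOKEN, null);
        long expiresAt = prefs.getLong(KEY_EXPIRES_AT_MS, 0L);
        return token != null && System.currentTimeMillis() < expiresAt;
    }

    private void redirectToLogin() {
        // Drop the stale session, then replace the whole task so Back cannot
        // return to the protected screen.
        getSharedPreferences(PREFS, Context.MODE_PRIVATE).edit().clear().apply();
        Intent login = new Intent(this, loginActivity());
        login.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
        startActivity(login);
        finish();
    }
}
```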

Related

Sending values from one activity to another Activity

Please Read completely.
I am having four activities like
Login,
Registration,
pendingList,
DeliveryList
I want to send userId to the delivery list, but here I am not going directly from the Login Activity to the DeliveryList Activity. I am going from Login to PendingList.
But when the user clicks on DeliveryList, he needs userId to be present in the deliveryList. I'm not even sure I am asking the question correctly, but this is my requirement. Can someone help me with an example?
You need to use Intent class. You can find all the specifications here
You wouldn't use Shared Pref OR Intents to send user information from class to class. I would HIGHLY recommend using a database service like Firebase or Parse-Server. You need to carry a session for the user....then, and only then, would you be able to carry PROPER information over from activity to activity.
Look into Firebase -> it works very well for all platforms (I use Parse -> I like it better). After you get that information coded on your end, then post more questions from that standpoint.
Please do not use Shared Pref, Intents, or static classes for user information.

Restrict activities or android component based on user profile

I am writing an application where, after successful login and based on the user profile, the user can only see certain activities. For instance, if the user has profilA, he can only see Activities A, B, C. If he has profilB, he can only see Activities D, F, G.
Note that I could write 2 applications and my problem is solved easily but the requirements are the app should manage profileA and profileB.
I was thinking about custom permissions to implement this. Where each activity will be restricted with a custom permissions. For instance, Activities A,B and C would be restricted with com.myapp.permissions.profilA. And Activities D,F and G would be restricted with com.myapp.permissions.profilB.
While searching again, I have found the permission-tree element and the PackageManager.addPermission(PermissionInfo info).
The javadoc of addPermission says:
Add a new dynamic permission to the system. For this to work, your package must have defined a permission tree through the <permission-tree> tag in its manifest. A package can only add permissions to trees that were defined by either its own package or another with the same user id; a permission is in a tree if it matches the name of the permission tree + ".": for example, "com.foo.bar" is a member of the permission tree "com.foo".
The idea that I have is: define a permission-tree and, after successful login, based on the user profile, "set the custom permissions" of the application. I don't know if it's possible.
It's a similar feature to when certain apps hide some admin features from their users. I am thinking of similar functionality.
Is it possible to achieve this functionality? Or do I need to think of another solution?
I am open to all propositions.
There is an easier way to go about it. In your API, create a user_code for each user so that after a successful login, you can get the user_code for the currently logged in user. Once you get the code, say in the Home/Dashboard Activity, you can check if the user is allowed to access a certain activity, and if they are not allowed, you can probably return an alert dialog telling them that they don't have the rights.
It seems that defining custom permissions to restrict access to certain activities is not exactly what you need. Seems to me that you're going in the wrong direction...as the documentation states...creating custom permissions is relatively uncommon...I mean permissions were designed to reduce security issues and sandbox applications from each other....the latter doesn't seem to be your case.
Anyway, it is extremely uncommon...IMHO, to create custom permissions for the mere purpose of restricting access to certain activities. Especially because the same way you log in a user and the same way you determine what a specific user is allowed to do...it's exactly the same way you can determine when to restrict access to a specific part of your app.
Not really sure why you would need to rely on the permission system to do this. What I'm thinking is that you can just create logic to disable whatever features that would lead to those Activities from being launched based on the logged in profile.
If your activities don't have any filters that would allow them to be launched implicitly by another intent, then that means your app has complete control over when they're launched.
Use the login result to control what you display to the user. If you wanted to, you could create two separate XML layout files. One that has buttons for A, B, and C, and the other that has buttons for D, E, and F.
Just because an Activity exists doesn't mean it's automatically displayed to the user as an "entry point". You're doing that through what you display in other activities.
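A guard inside each restricted activity, following the answers' advice to reuse the login result rather than custom permissions; this is an added example, not code from the thread. The `Profile` enum, the preference names and the `allowedProfiles()` hook are assumptions, and the server is assumed to enforce the same rules on the data each screen loads.

```java
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.widget.Toast;
import java.util.Set;

/** Hypothetical base class for screens that only some profiles may open. */
public abstract class ProfileRestrictedActivity extends Activity {
    /** Assumed profiles, mirroring the two profiles in the question. */
    public enum Profile { PROFILE_A, PROFILE_B }

    /** Each screen declares who may open it, e.g. EnumSet.of(Profile.PROFILE_A). */
    protected abstract Set<Profile> allowedProfiles();

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Check before any layout is inflated: hiding the button that leads
        // here is not enough if another code path can start this activity.
        // Subclasses should return early from onCreate when isFinishing().
        Profile current = currentProfile();
        if (current == null || !allowedProfiles().contains(current)) {
            Toast.makeText(this, "You do not have access to this screen",
                    Toast.LENGTH_SHORT).show();
            finish();
        }
    }

    /** Reads the profile saved at login; null when missing or unrecognised. */
    private Profile currentProfile() {
        // Taken from app-private storage, never from the launching Intent,
        // whose extras are controlled by whoever starts the activity.
        String stored = getSharedPreferences("session", Context.MODE_PRIVATE)
                .getString("profile", null);
        if (stored == null) {
            return null;
        }
        try {
            return Profile.valueOf(stored);
        } catch (IllegalArgumentException e) {
            return null; // fail closed on an unknown value
        }
    }
}
```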

Doubts in android

I've watched the Coursera Android course and I have doubts about how Android works in the application that I'm building. It does basic stuff, like register and show my info and do TODO using a server as the database. And I know it depends on how I want it to be built. I need some options.
Fragments can be built in ActionBar and whenever I want be called? Or is it bad to this way and stick with default menu built and hide it programmatically? Tried to google and didn't find any information.
The MainActivity is made to make http request POST to register name, email and password in my server. Is it possible to start the SecondActivity whenever he logged in? It's just like Instagram. But, I could set a condition to check depends if logged or not change the setContent(R.layout.main) or setContent(R.layout.second)?
When the register is done, all the data is saved on the server. But I want to check every time he changes activity or does some action whether he's logged in or not. Could I use some thread with a flag(bool)? Could it be a bad practice and reduce the performance? Or SharedPreferences adding a flag(bool)? But are SharedPreferences saved after the application is closed?
About to show my information in every Activity, like name, age and sex etc and such. Making request http just to show information is quite bad for my application, since it's just TODO app and I don't need to be connected to internet to see my info, but in case of edit, yes. So if I save in the SharedPreferences, but stays the same doubt, it will save after I close the application?
Since your question is likely to be drastically edited (as I advised in a comment), I quote the original text here.
Fragments can be built in ActionBar and whenever I want be called? Or
is it bad to this way and stick with default menu built and hide it
programmatically? Tried to google and didn't find any information.
Yes, fragments can be used wherever you like. But that's not really an answer.
Base your design on the various activities (think "what app screens should users navigate"), and give these one fragment each.
The MainActivity is made to make http request POST to register name,
email and password in my server. Is it possible to start the
SecondActivity whenever he logged in? It's just like Instagram. But, I
could set a condition to check depends if logged or not change the
setContent(R.layout.main) or setContent(R.layout.second)?
Yes, you could have a LoginActivity that is called with startActivityForResult(). It would connect and return the success/failure. (See http://developer.android.com/training/basics/intents/result.html )
Also, keep in mind that HTTP POST is not encrypted, the password is sent as plain text.
When the register is done. All the data is saved on the server. But I
want to check every time he changes activity or do some action if he's
logged in or not. Could I use some thread with a flag(bool)? Could be
a bad practice and reduce the performance? Or SharedPreferences adding
flag(bool)? But SharedPreferences are saved after the application is
closed?
Yes, SharedPreferences are stored after exiting the application. Ideal to simply implement app settings, but when storing lists of items you should look into other solutions. A JSON file may be of use, you could directly pull/push it from/to server.
About to show my information in every Activity, like name, age and sex
etc and such. Making request http is quite bad for my application,
since it's just TODO app and I don't need to be connected to internet
to see my info, but in case of edit, yes. So I saved in the
SharedPreferences, but stays the same doubt, it will save after I close the application?
See answer above. In short get a JSON string from the server, store it locally in a file. View and edit the local file, then upload it whenever you want. This way it works offline too, but can still download/upload the changes.

Making a set up screen on first start up

I'm here today asking someone if they know a way to make a set up screen on first start up.
Here's the scenario: When someone downloads my app and uses it for the first time, it has to show a method where users make a password. On subsequent uses, I don't want it to be shown anymore. Does anybody know how to do this?
You can use the SharedPreferences for this purpose.
At the start of your application, check if the key "myKey+versioncode" is present or not in the SharedPreferences. If it is not stored, then it means your application has not been started yet, so let the user create his/her password. Once the password is created, add the SharedPreferences "myKey+versioncode" with any value you like, and next time you will find this SharedPreferences, so it means the user already started the application and created a password.
However, be careful about the "versioning" of this key; you might also want to keep a single key instead of one per version of your application.
Edit: Concept found at the time I was looking for an EULA implementation, here: Simple EULA implementation for Android
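A first-run check for the password case in the question, as an added example that is not from the answer: the stored password verifier itself serves as the single, unversioned "set-up done" key, so an app update does not trigger set-up again. The class name, preference names and PBKDF2 parameters are assumptions; the password is kept only as a salted hash.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical helper for a first-run "create a password" screen. */
public final class FirstRunPassword {
    private static final String PREFS = "setup";   // assumed file name
    private static final int ITERATIONS = 100_000; // assumed work factor
    private final SharedPreferences prefs;

    public FirstRunPassword(Context context) {
        prefs = context.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }

    /** True until a password has been stored: show the set-up screen. */
    public boolean needsSetup() {
        return !prefs.contains("hash");
    }

    public void create(char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        String hash = Base64.encodeToString(derive(password, salt), Base64.NO_WRAP);
        prefs.edit()
                .putString("salt", Base64.encodeToString(salt, Base64.NO_WRAP))
                .putString("hash", hash)
                .apply(); // both keys are written in one edit
    }

    public boolean verify(char[] password) throws GeneralSecurityException {
        if (needsSetup()) { return false; }
        byte[] salt = Base64.decode(prefs.getString("salt", ""), Base64.NO_WRAP);
        byte[] expected = Base64.decode(prefs.getString("hash", ""), Base64.NO_WRAP);
        // Constant-time comparison of the stored and freshly derived hashes.
        return MessageDigest.isEqual(expected, derive(password, salt));
    }

    private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 160);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's copy of the password
        }
    }
}
```

The launcher activity would call `needsSetup()` to choose between the set-up screen and the normal unlock prompt.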

secure from unauthorised access

Based on the user requirements, he wants to use our Android application via PIN code access, like a login, whenever he starts to use this application. In Android or any mobile, most applications start again at the last used layout. So in which event should I call this login AlertDialog so that it appears each time the user starts to use it? Or let me know a better way. Thank you.
You will have to add a snippet of code in each Activity you have so that it asks the user to type the user & password. If you are using normal activities, I guess you can add the snippet inside methods like onRestoreInstanceState so that you can be sure it will be executed as soon as the user (re)opens the activity.
