This blog post is based on a pre-release version of the RAD Studio software. No feature is committed until the product’s GA release.
Web development will get much easier with the upcoming enhancements in RAD Studio 13. We’ve been listening to your feedback, and we are rolling out new features that help you build secure web applications and services much faster.
Session Management Made Simple
The new TWebSessionManager component gives you advanced session management right out of the box. Whether you need cookie-based sessions (the default), header-based, or query parameter sessions, all session data becomes available in WebStencils templates through the @session.xxx syntax.
What makes this really nice is the flexibility in session scoping. You can have unlimited sessions, one session per authenticated user, or even one session per user-IP combination for enhanced security. Sessions automatically expire after a configurable timeout, and you can easily store custom objects for each session directly in DataVars for easy access throughout your application.
Access is straightforward: TWebRequest.Session provides the current session in your Delphi or C++ code, allowing you to immediately start storing and retrieving your custom data without any setup code.
In WebStencils, access session data with @session.customObject, or use the handy shortcut @customObject syntax to get objects stored in DataVars without the longer session reference.
Authentication Without the Headache
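Authentication used to mean writing a lot of boilerplate code. Not anymore. We’ve included two ready-to-use authenticators:
- TWebBasicAuthenticator for standard HTTP Basic Authentication
- TWebFormsAuthenticator for custom HTML form-based login flows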
TWebFormsAuthenticator is particularly slick. It handles the entire login flow for you. Just set your LoginURL, FailedURL, and HomeURL properties, and it automatically redirects unauthenticated users to your login page, processes POST credentials, and sends users back to where they originally wanted to go using the returnUrl parameter. All you need to implement is the OnAuthenticate event to validate credentials against your user store.
```delphi
procedure TMainWebModule.WebFormsAuthenticatorAuthenticate(
  Sender: TCustomWebAuthenticator; Request: TWebRequest;
  const UserName, Password: string; var Roles: string; var Success: Boolean);
begin
  // Deny by default; only a successful credential check grants access.
  Success := False;
  Roles := '';
  // ValidateUserCredentials and GetUserRoles are the application's own helpers.
  if ValidateUserCredentials(UserName, Password) then
  begin
    Success := True;
    Roles := GetUserRoles(UserName);
  end;
end;
```
Role-Based Authorization
Security isn’t just about knowing who your users are; it’s also about controlling what they can do. The new TWebAuthorizer component provides flexible role-based access control through authorization zones. You can protect entire sections of your application with URL patterns like /admin* and specify which user roles have access with a simple comma-separated list.
The authorization levels give you fine-grained control: zkFree for anonymous access, zkProtected for authenticated users only, or zkIgnore to skip processing entirely. Failed authorization automatically redirects to your UnauthorizedURL or returns a 403 status (if the user is authenticated).
In WebStencils templates you can now show or hide content, including entire sections, based on user roles, using for example @session.UserHasRole('admin'). This controls only what a template renders; the URLs behind hidden links still need an authorization zone.
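A small model for table-testing a zone plan before deploying it, added here as an example; it is not Embarcadero's code and does not use TWebAuthorizer. The record type, the matching rule (trailing * as a prefix match), the first-match ordering and the sample zones and requests are assumptions; only the zk* names, the /admin* pattern, the comma-separated roles and the redirect-or-403 outcome come from the post.

```delphi
program ZonePlanCheck;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.StrUtils;
type
  TZoneKind = (zkFree, zkProtected, zkIgnore);  // names from the post; local stand-in type
  TOutcome = (ocAllow, ocRedirect, ocForbidden, ocNoZone);
  TZone = record
    Pattern, Roles: string;  // Roles: comma-separated, '' = any signed-in user
    Kind: TZoneKind;
  end;
const
  OutcomeText: array[TOutcome] of string = ('allow', 'redirect to UnauthorizedURL', '403', 'no zone');
  Plan: array[0..2] of TZone = (  // constructed zone plan
    (Pattern: '/admin*';   Roles: 'admin,ops'; Kind: zkProtected),
    (Pattern: '/account*'; Roles: '';          Kind: zkProtected),
    (Pattern: '/static*';  Roles: '';          Kind: zkIgnore));

// Assumption: a trailing '*' is a case-insensitive prefix match, otherwise exact.
function Matches(const Pattern, Path: string): Boolean;
begin
  Result := SameText(Pattern, Path) or (Pattern.EndsWith('*') and
    StartsText(Pattern.TrimRight(['*']), Path));
end;

function HasAnyRole(const Required, Held: string): Boolean;
var R: string;
begin
  Result := Required = '';
  for R in Required.Split([',']) do
    Result := Result or MatchText(R.Trim, Held.Split([',']));
end;

// Assumption: the first matching zone decides the outcome.
function Decide(const Path: string; SignedIn: Boolean; const Roles: string): TOutcome;
var I: Integer;
begin
  for I := Low(Plan) to High(Plan) do
    if Matches(Plan[I].Pattern, Path) then
    begin
      if Plan[I].Kind <> zkProtected then Exit(ocAllow);  // zkFree, or zkIgnore (not processed)
      if not SignedIn then Exit(ocRedirect);
      if HasAnyRole(Plan[I].Roles, Roles) then Exit(ocAllow);
      Exit(ocForbidden);
    end;
  Result := ocNoZone;
end;

begin
  Writeln('anonymous /admin/users: ', OutcomeText[Decide('/admin/users', False, '')]);
  Writeln('editor /admin/users: ', OutcomeText[Decide('/admin/users', True, 'editor')]);
  Writeln('ops /administrator-faq: ', OutcomeText[Decide('/administrator-faq', True, 'ops')]);  // shares the '/admin' prefix
  Writeln('editor /reports/q3: ', OutcomeText[Decide('/reports/q3', True, 'editor')]);  // not listed in Plan
end.
```

Paths that come back as "no zone" are the ones to decide on explicitly, and the real component's behaviour for them should be confirmed against the GA documentation.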
Better Hosting Options for Web Broker Applications
On top of this, we are also expanding your deployment options with FastCGI support, making it easier to work with modern web servers like NGINX. FastCGI applications run as separate processes, giving you better isolation and scalability compared to traditional approaches.
Plus, there’s improved logging support that works with your web server’s native logging system, whether you’re using Apache, IIS, or other hosting environments.
The Bottom Line
These aren’t just incremental improvements: they’re the building blocks for modern web applications. Session management, authentication, authorization, and flexible deployment options are going to be built into , letting you focus on building great features instead of plumbing.
WebStencils with HTMX – Free Guide Available
We’re excited to announce that our is now available in (newly translated!), joining our existing language options: , , , and both and. It’s packed with real examples and helpful tips for getting HTMX and WebStencils working together.