0

I want to extend a common security check to nearly every view of my application. To do this, I have made this class

public class ProtectedActivity extends ActivityBase {
    boolean isAuthenticated = false;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        Thread validationThread = new Thread()
        {
            @Override
            public void run() 
            {
                try
                {
                    isAuthenticated = UserService.validateToken();
                }
                catch (FTNIServiceException e)
                {
                    //eat it
                }
                finally 
                {
                    if (!isAuthenticated)
                    {
                        startActivity(new Intent(ProtectedActivity.this, SignInActivity.class));
                        finish();
                    }
                }
            }
        };

        validationThread.start();
    }
}

The logic is simple. Validate the user against my restful api to make sure they are signed in. If they aren't, show them to the signin page.

This works great, because to add the security check, all I need to do is inherit from my ProtectedActivity. 

public class MainMenuActivity extends ProtectedActivity{
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

    }
}

The problem is, however, that I periodically receive View not attached to window manager errors. I understand why this is happening. I am starting a new intent in the parent class, and the child lives on. to attempt to alter it's view even though a new intent has started. What is a better way to handle this so that if a user is not authenticated (such as their session expires serverside), it won't error when sending the user to the sign in screen?

Improve this question

1 Answer 1

Reset to default
1

Don't you Thread. Use AsyncTask instead which should handle your references to windows correctly.

On a different note, I would change this to a different implementation. Why don't use the Preferences storage on the phone to store some kind token. If the token is not valid then request a new token and all the stuff you are doing currently. This way is better because you don't want to request a REST call every time.

I imagine something like this (pseudo code)

  1. Check if credentials exist in Preference
  2. if(valid) then do nothing
  3. else use AsyncTask and pop up a loader screen "Waiting..."
Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

I'm using a cookie set server side to enforce expiration. I didn't want to reinvent the wheel with storing a token and passing it back with every single query. Thanks for your input. I'll give the async task a try. I tried it in other parts of my app where I had to modify the UI after the other thread completed, and that caused the same errors. In the example above I'm not altering the UI here, but in the child class I am. This is just shipping the user off if they aren't authenticated.
You implementation isn't solid because if the network call fails then the user is booted off and has to start the authentication all over again. oAuth already does everything and it has been proven to be secured. This is what facebook, foursquare, twitter and many other large social networks do. If your application is being used by millions of users, I don't think you would want to request a new call on every activity, would you?
Give AsyncTask a try. You also need to KILL the thread if the activity is about to end but the thread is still working. TBH, I really think all this threading is an overkill. It over complicated your app. The only reason you are getting this error is because thread are asynchronous and trying to finish() the activity even after it has ended. :( Good luck.
It's very interesting, but when I use asynctask, my user is not always validated, even though I am signed in and have a valid session server-side. Using the method above, it works as it should. I suspect my HttpClient needs to be volatile to sustain the active session.
Thats right. Only the UI thread can modify the UI... On Purpose. It's a Design Feature, not a bug. Don't treat it like one.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.