Security Client Package

The Morfik Security Client package provides all the features of the standard Morfik Security Package but allows a number of Morfik XApps to share a central database for storing common security information. For documentation of the standard Morfik Security package please refer to this document.

Before you can use the Security Client package, you must have an XApp (the Base XApp) running that includes the full standard Security package, since the Security Client XApp (Client XApp) must have a full Security package with which to communicate. The Security Client package is not intended for standalone usage.


A Quick Walkthrough

To use the Security Client package, add it to the project with the “Used Packages” command on the project ribbon (see Figure 1: Used Packages Command), or drag the package file onto the application main client area. Once added, seven widgets will appear on the home ribbon when the form designer is active (see Figure 2: Widget Gallery). These widgets can be placed on application forms and provide immediate functionality with minimal coding.

Figure 1: Used Packages Command

The quickest way to utilize this package is to place a Login Bar widget on your form and set the properties discussed below.

Figure 2: Widget Gallery

To use the package, you will first need to set the ProxyRemoteURL on the server side (the XApp OnStart event is recommended) and include the mfk_SecUtil unit.

FX Code

Uses mfk_SecUtil;

Procedure ClientOnlyXApp.XAppStart(Sender: TObject);
Begin
    // Server-side setting used by the Client XApp to reach the Base XApp
    ProxyRemoteURL := '';
End;

Please refer to the discussion on testing below.

Access to Security Management Functions

Most of the administrative functions for the Security package take place in the Base XApp. As you can see in Figure 3, only the Access Rules tab is available in the Client XApp. The Access Rules tab allows an administrator to control access to the local resources of the Client XApp. Access rules defined in the Base XApp are not applied to the Client XApp.

Figure 3: Security Management functions in the Client XApp

Figure 4 shows the dialog box for adding or editing an access rule. Unlike the same dialog box in the Base XApp, the dropdown lists for Roles and Users may not be populated, and the values will need to be typed in correctly to match the ones available in the Base XApp.

Figure 4: Access Rules dialog box

The Security Client System

The client-only package obtains all its functionality from a new security provider class (TProxySecurityProvider) that descends from the TFBSecurityProvider class. This provider acts as a proxy interface to the Base XApp’s security web methods, accessible via SOAP.

Figure 5: Security Client package acting as a proxy

A security request made by the browser will first go to the Client XApp server; TProxySecurityProvider then sends the request off to the Base XApp where it is handled and a response is sent back. Note that requests regarding access rules are handled locally and not passed up to the Base XApp.

Testing a Client XApp

It is possible to test a Client XApp locally using the following simple steps:

  1. Create a Base XApp as a standalone executable and add the Full Security Package.
  2. Add the Login Bar widget to the Base XApp.
  3. Run the Base XApp, log in as Admin and add Users and Roles.
  4. Close the Base XApp.
  5. Create a new Client XApp as a standalone executable and add the “Client Only” Security package.
  6. On the Project Options in the Server page, change the HTTP port to a different number (e.g. 9009).
  7. Add the Login Bar widget to the Client XApp.
  8. In the XApp OnStart event, set “ProxyRemoteURL := '';”
  9. Launch the Base XApp from the command line or by double-clicking on it in Windows Explorer. (Note: you may have to use the Windows Task Manager to stop the Base XApp when done.)
  10. Now run the Client XApp in the Morfik IDE, click on “Login” and you should be able to successfully enter a user name and password configured in the Base XApp.

Using a Single Login for Multiple XApps

Once a Base XApp is set up, all the XApps connecting to it run off the same database (you can set up as many Client XApps as you like). A user created in one XApp is already a user in another. Similarly, if a session is created (a user logs in), that session is valid for any XApp using the same base. You will still need to perform a LoginBySessionID for each XApp, however; the mfk_secSessionID cookie can be particularly handy in this case.
