Latest news, useful features and tips for your Salesforce

Secure Custom Lightning Components: Practical Case

November 4, 2015

Today we’d like to talk about the client controller in custom Lightning components, and about transferring client data in particular.

Lightning applications are created with Lightning components: you may use standard Salesforce components, get them at AppExchange, or create your own. Having your own custom Lightning components gives you more flexibility, but you also need to consider data security issues.

A Lightning component has two controllers for working with backend: server (Apex.class) and client (JavaScript), which leads to two different approaches to security of the server and client controllers.
Salesforce developers of Lightning framework advise that in the security model for client controller you shouldn’t send user data to third party external domains.

Can we work around this limitation and make integrations with third-party applications? The answer is yes. According to Salesforce developers, there are two ways to integrate your custom component with third-party applications:

1) Move the user data transfer logic to the server controller (Apex.class), or
2) Use Visualforce connector in IFRAME.

As an exercise, we’ve combined both approaches when creating a custom Lightning component. Its main task is to prepare an employee for an upcoming business trip to the partner’s office.

Here’s the intended use case step by step:
1) The user indicates the time period of the business trip.
2) The user chooses the location of the office where he’s headed.

Custom Lightning Component

3) By pressing “Calculate” the user gets the information about the monetary compensation, office coordinates, the weather at the time of the trip, and information about the transportation means.

Custom Lightning Component

To show the location, we integrate with Google Maps via Visualforce connector in IFRAME. For the weather information, we integrate with, and the data is sent and received via the Apex controller.
This custom Lightning component provides integration with two third-party services, yet remains secure and complies with Salesforce standards. CodeSWAT developers appreciate challenging tasks.

If you have a need to develop a custom Lightning component, consider our experienced professionals. Simply drop us a line at, and we’ll get back to you with a quote that’s attractive in terms of price and the quality of solution.

Contact CodeSWAT