Re: [Hypercontent-users] Further discussion on HC logout
From: tom t. <j_l...@ya...> - 2007-03-09 04:47:24
Hi Alex,

I did some code changes. It looks like it's working, but I don't know the side effects. Please look at the changes; if the following has side effects, please do let me know a safe approach.

1) I introduced the following in org.hypercontent.server.Session:

    public void cleanSubject() {
        subject = new Subject();
        subject.getPrincipals().add(Anybody.instance);
    }

2) Now the execute method in Login.java looks as follows. Please observe that I am calling session.logout(); and session.cleanSubject(); and also executing the authentication unconditionally.

Please let me know about this change.

Thanks

    public void execute(IRequest request) throws Exception {
        //String user = request.getParameter("user");
        //String pass = request.getParameter("pass");
        Session session = request.getSession();
        // Drop any existing authentication state when mode=login is requested
        if ("login".equalsIgnoreCase(request.getParameter("mode"))) {
            session.logout();
            session.cleanSubject();
        }
        // Authentication now runs unconditionally
        if (true) {
            CallbackHandler handler = new RequestCallbackHandler(request);
            Subject subject = session.getSubject();
            LoginContext lc = new LoginContext("HyperContent", subject, handler);
            try {
                lc.login();
            }
            catch (FailedLoginException e) {
                failLogin(session);
                return;
            }
            IUser user = null;
            String username = null;
            Set set = subject.getPrincipals();
            for (Iterator iterator = set.iterator(); iterator.hasNext();) {
                Object o = iterator.next();
                //System.out.println("Checking out principal "+o);
                Principal p = (Principal) o;
                if (!p.equals(Anybody.instance)) {
                    username = p.getName();
                    System.out.println("User name in if block is " + username);
                    //let's translate generic principals into HyperContent Users and SuperUsers
                    Set princs = subject.getPrincipals();
                    princs.remove(p);
                    user = getUserImpl(username);
                    princs.add(user);
                    session.setAuthenticated(true);
                    break;
                }
            }
            if (!session.isAuthenticated()) {
                failLogin(session);
            }
            Logger.info(Strings.concat("User ", username, " logged in"));
        }
        else {
            failLogin(session);
        }
        ....
        ....
        ...
--- tom tom <j_l...@ya...> wrote:

> I did the change but the problem still remains the same,
>
> It looks to me like the new Principal does not replace the existing one.
>
> Somehow old stuff remains the same
>
> Thanks
>
> --- Alex Vigdor <al...@bi...> wrote:
>
> > Hi,
> > I think the problem may be traced to
> > org.hypercontent.server.commands.Login: on line 82 this class checks
> > whether the current session is already authenticated before running
> > authentication providers. You might try disabling this check to see
> > if you get the desired behavior. A more sophisticated fix would, as
> > you suggest, run the authentication providers and compare the results
> > with the existing authenticated user.
> >
> > Cheers,
> > Alex
> >
> > On Mar 7, 2007, at 10:56 PM, tom tom wrote:
> >
> > > Hi Alex,
> > >
> > > Sometime back I asked you a question regarding HC logout and you
> > > cleared the doubts I had. I have attached the discussion we had at
> > > the bottom of the mail,
> > >
> > > (http://sourceforge.net/mailarchive/forum.php?thread_id=30987603&forum_id=38700)
> > >
> > > Well I thought I got more suggestions into this. Similar to the HC
> > > link in the uPortal, we got links for WebCT and Mail and Library etc.,
> > > all SSO enabled, and also all the links pop up in a new window with
> > > the application. None of these got the issue we had with HC which is
> > > described in the bottom of this mail, that is, even though we don't
> > > close all the browser instances, if we logout uPortal, login back
> > > again as a different user and click WebCT or Mail link it will not
> > > pick the previous user but the new user.
> > >
> > > I understand that Logging out of uPortal and CAS does NOT terminate
> > > the browser's session with HyperContent,
> > >
> > > but let me know whether the following makes any sense
> > >
> > > uPortal channel got a link to HC as follows
> > >
> > > http://<HC server>/hypercontent?mode=login
> > >
> > > this guarantees (because mode=login) that HC will again contact CAS
> > > by calling serviceValidate, the serviceValidate will give the CAS XML
> > > with uid and other attributes.
> > >
> > > Isn't it possible to cross check this uid with the session userId
> > > and if different call the session invalidate() method or throw out
> > > an error,
> > >
> > > Please let me know if I am on the wrong track. What my objective is
> > > to get HC logout behaviour similar to the WebCT and mail so that
> > > everything looks consistent.
> > >
> > > Thanks
> > >
> > > -------------FROM A PREVIOUS MAIL--------------------------
> > >
> > > I observed the following behaviour (defect ?) in HC while doing the
> > > following.
> > >
> > > HC is casified and working fine with CAS and uPortal. Users login to
> > > uPortal via CAS and one of uPortal channel got a link to HC. Look at
> > > the following use case.
> > >
> > > 1) user 'AUTHOR_HC' login to uPortal via CAS. (authentication is
> > >    successful)
> > >
> > > 2) clicks HC link to edit content
> > >
> > > 3) HC opens in a new window with 'You are logged in as AUTHOR_HC'
> > >
> > > 4) user edits contents and saves
> > >
> > > 5) closes the HC browser window (without pressing logout link in HC).
> > >
> > > 6) user presses uPortal logout which in turn calls the cas/logout
> > >
> > > 7) Different user login to uPortal via CAS as user 'APPOVER_HC'
> > >
> > > 8) click the HC link in uPortal, HC opens in a new browser window
> > >    ..............
> > >
> > > But still it shows the previous user's welcome message which is
> > > 'You are logged in as AUTHOR_HC'
> > >
> > > Why doesn't the HC clean out everything? Is this a limitation?
> > > Different users can use the same workstation in our case.
> > >
> > > Alex's answer
> > > -------------
> > >
> > > This is the expected behavior. Logging out of uPortal and CAS does
> > > NOT terminate the browser's session with HyperContent. The user must
> > > close all browser windows for the session cookies to be cleared.
> > > This should be clearly conveyed to the user. Single Sign Out, the
> > > ability for the user to log out of CAS and all applications that use
> > > CAS for login, is a planned feature for a future CAS release.
> > >
=== message truncated ===
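
The check suggested in the quoted thread (run authentication again and compare the result with the user already bound to the session), sketched as an added example that is not part of the original messages or of HyperContent's code. AppSession, UserPrincipal and bind are hypothetical names, and the uid is assumed to have already been validated by the identity provider (for example through CAS serviceValidate).

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;

public class ReloginCheck {
    // Hypothetical principal type standing in for the application's user class.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Hypothetical session: the authenticated Subject plus per-user state.
    static class AppSession {
        Subject subject = new Subject();
        final Map<String, Object> attributes = new HashMap<>();

        String currentUser() {
            return subject.getPrincipals(UserPrincipal.class).stream()
                    .map(Principal::getName).findFirst().orElse(null);
        }
    }

    // Bind a uid that the identity provider has just validated (assumed done
    // by the caller). A different uid than the one already bound means the
    // browser session outlived the previous user's SSO logout, so the old
    // Subject and all per-user state are dropped before the new user is bound.
    // Returns true when an earlier user's session was discarded.
    static boolean bind(AppSession s, String validatedUid) {
        String previous = s.currentUser();
        if (validatedUid.equals(previous)) {
            return false; // same user re-validated: keep the session as it is
        }
        s.attributes.clear();
        s.subject = new Subject(); // never reuse the old Subject's principals
        s.subject.getPrincipals().add(new UserPrincipal(validatedUid));
        return previous != null;
    }

    public static void main(String[] args) {
        AppSession s = new AppSession();
        bind(s, "AUTHOR_HC");                     // constructed sample users
        s.attributes.put("draft", "unsaved edit");
        boolean reset = bind(s, "APPOVER_HC");
        System.out.println("reset=" + reset + " user=" + s.currentUser()
                + " attributes=" + s.attributes);
    }
}
```

In a servlet container the reset step would also invalidate the HttpSession, so that the session id changes together with the user.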