Re: [Hypercontent-users] Further discussion on HC logout
From: tom t. <j_l...@ya...> - 2007-03-09 04:57:50
Hi Alex,

I did some code changes. It looks like it's working, but I don't know the side effects. Please look at the changes; if the following has side effects, please do let me know a safe approach (I couldn't find any place to call HttpSession.invalidate(); anyhow, see the following).

1) I introduced the following in org.hypercontent.server.Session:

    public void cleanSubject() {
        // Replace the subject with a fresh one that holds only the anonymous principal.
        subject = new Subject();
        subject.getPrincipals().add(Anybody.instance);
    }

2) Now the execute method in Login.java looks as follows. Please observe that I am calling session.logout(); and session.cleanSubject(); and also executing the authentication unconditionally.

Please let me know about this change.

Thanks

    public void execute(IRequest request) throws Exception {
        //String user = request.getParameter("user");
        //String pass = request.getParameter("pass");
        Session session = request.getSession();
        // On mode=login, drop the existing login state before re-authenticating.
        if ("login".equalsIgnoreCase(request.getParameter("mode"))) {
            session.logout();
            session.cleanSubject();
        }
        // The "already authenticated" check is replaced by an unconditional branch.
        if (true) {
            CallbackHandler handler = new RequestCallbackHandler(request);
            Subject subject = session.getSubject();
            LoginContext lc = new LoginContext("HyperContent", subject, handler);
            try {
                lc.login();
            } catch (FailedLoginException e) {
                failLogin(session);
                return;
            }
            IUser user = null;
            String username = null;
            Set set = subject.getPrincipals();
            for (Iterator iterator = set.iterator(); iterator.hasNext();) {
                Object o = iterator.next();
                //System.out.println("Checking out principal "+o);
                Principal p = (Principal) o;
                if (!p.equals(Anybody.instance)) {
                    username = p.getName();
                    System.out.println("User name in if block is " + username);
                    //let's translate generic principals into HyperContent Users and SuperUsers
                    Set princs = subject.getPrincipals();
                    princs.remove(p);
                    user = getUserImpl(username);
                    princs.add(user);
                    session.setAuthenticated(true);
                    break;
                }
            }
            if (!session.isAuthenticated()) {
                failLogin(session);
            }
            Logger.info(Strings.concat("User ", username, " logged in"));
        } else {
            failLogin(session);
        }
        ....
        ....
        ...

--- Alex Vigdor <al...@bi...> wrote:

> Hi,
> I think the problem may be traced to
> org.hypercontent.server.commands.Login: on line 82 this class checks
> whether the current session is already authenticated before running
> authentication providers. You might try disabling this check to see
> if you get the desired behavior. A more sophisticated fix would, as
> you suggest, run the authentication providers and compare the results
> with the existing authenticated user.
>
> Cheers,
> Alex
>
> On Mar 7, 2007, at 10:56 PM, tom tom wrote:
>
> > Hi Alex,
> >
> > Sometime back I asked you a question regarding HC logout and you
> > cleared the doubts I had. I have attached the discussion we had at
> > the bottom of the mail.
> >
> > (http://sourceforge.net/mailarchive/forum.php?thread_id=30987603&forum_id=38700)
> >
> > Well, I thought I'd get more suggestions on this. Similar to the HC
> > link in uPortal, we have links for WebCT, Mail, Library etc., all
> > SSO enabled, and all the links pop up in a new window with the
> > application. None of these has the issue we had with HC, which is
> > described at the bottom of this mail; that is, even though we don't
> > close all the browser instances, if we log out of uPortal, log back
> > in as a different user and click the WebCT or Mail link, it will not
> > pick the previous user but the new user.
> >
> > I understand that logging out of uPortal and CAS does NOT terminate
> > the browser's session with HyperContent,
> >
> > but let me know whether the following makes any sense.
> >
> > The uPortal channel has a link to HC as follows:
> >
> > http://<HC server>/hypercontent?mode=login
> >
> > This guarantees (because mode=login) that HC will again contact CAS
> > by calling serviceValidate; serviceValidate will give the CAS XML
> > with uid and other attributes.
> >
> > Isn't it possible to cross-check this uid with the session userId
> > and, if different, call the session invalidate() method or throw an
> > error?
> >
> > Please let me know if I am on the wrong track. My objective is to
> > get HC logout behaviour similar to WebCT and Mail so that everything
> > looks consistent.
> >
> > Thanks
> >
> > -------------FROM A PREVIOUS MAIL--------------------------
> >
> > I observed the following behaviour (defect?) in HC while doing the
> > following.
> >
> > HC is casified and working fine with CAS and uPortal. Users log in
> > to uPortal via CAS and one of the uPortal channels has a link to HC.
> > Look at the following use case.
> >
> > 1) User 'AUTHOR_HC' logs in to uPortal via CAS (authentication is
> >    successful)
> >
> > 2) Clicks the HC link to edit content
> >
> > 3) HC opens in a new window with 'You are logged in as AUTHOR_HC'
> >
> > 4) User edits contents and saves
> >
> > 5) Closes the HC browser window (without pressing the logout link
> >    in HC)
> >
> > 6) User presses uPortal logout, which in turn calls cas/logout
> >
> > 7) A different user logs in to uPortal via CAS as user 'APPOVER_HC'
> >
> > 8) Clicks the HC link in uPortal; HC opens in a new browser
> >    window ..............
> >
> > But it still shows the previous user's welcome message, which is
> > 'You are logged in as AUTHOR_HC'.
> >
> > Why doesn't HC clean out everything? Is this a limitation?
> > Different users can use the same workstation in our case.
> >
> > Alex's answer
> > -------------
> >
> > This is the expected behavior. Logging out of uPortal and CAS does
> > NOT terminate the browser's session with HyperContent. The user must
> > close all browser windows for the session cookies to be cleared.
> > This should be clearly conveyed to the user. Single Sign Out, the
> > ability for the user to log out of CAS and all applications that use
> > CAS for login, is a planned feature for a future CAS release.
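
The check discussed in this thread (compare the uid from a fresh validation with the user already bound to the session, and discard the session when they differ), as an added example that is not part of the original message and is not HyperContent or CAS client code. `ReloginCheck`, `AppSession` and `onLogin` are hypothetical names, the map stands in for the servlet container's session store, and `validatedUid` is assumed to be the uid returned by serviceValidate.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example: hypothetical names throughout, not HyperContent or CAS client code.
public class ReloginCheck {
    // Minimal stand-in for a server-side session record.
    static final class AppSession {
        final String id = UUID.randomUUID().toString();
        final String userId;          // null means anonymous
        AppSession(String userId) { this.userId = userId; }
    }

    private final Map<String, AppSession> sessions = new ConcurrentHashMap<>();

    /**
     * Called when a request arrives with mode=login.
     * validatedUid is the uid the SSO server returned for this request
     * (null if validation failed); sessionId is the browser's cookie value.
     * Returns the session the browser should use from now on.
     */
    AppSession onLogin(String sessionId, String validatedUid) {
        AppSession current = sessionId == null ? null : sessions.get(sessionId);
        if (validatedUid == null) {
            // Failed validation never leaves an authenticated session behind.
            if (current != null) sessions.remove(current.id);
            return store(new AppSession(null));
        }
        if (current != null && validatedUid.equals(current.userId)) {
            return current;           // same user: keep the session and its state
        }
        // Anonymous, missing or different user: discard the old session entirely
        // so no state of the previous user is reachable under the new identity.
        if (current != null) sessions.remove(current.id);
        return store(new AppSession(validatedUid));
    }

    private AppSession store(AppSession s) { sessions.put(s.id, s); return s; }

    public static void main(String[] args) {
        ReloginCheck app = new ReloginCheck();
        // Constructed scenario from the thread: AUTHOR_HC, then APPOVER_HC, same browser.
        AppSession first = app.onLogin(null, "AUTHOR_HC");
        AppSession again = app.onLogin(first.id, "AUTHOR_HC");
        AppSession other = app.onLogin(first.id, "APPOVER_HC");
        System.out.println("same user keeps session: " + (again == first));
        System.out.println("new user gets new session: " + !other.id.equals(first.id));
        System.out.println("old session gone: " + !app.sessions.containsKey(first.id));
        System.out.println("current user: " + other.userId);
    }
}
```

In a servlet container the discard step corresponds to HttpSession.invalidate() followed by creating a new session, so the new user also receives a new session identifier.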