Re: [Hypercontent-users] Further discussion on HC logout
Brought to you by:
alexvigdor
Menu
▾
▴
Re: [Hypercontent-users] Further discussion on HC logout
|
From: tom t. <j_l...@ya...> - 2007-03-13 22:37:14
|
Thanks Alex,
Can there be other instances (internal or external)
that mode=login is used apart from a force login where
we give mode=login in the query string. I thought the
only instance the code get executed if we give
mode=login in the query string. That is why I have a
if lock for that. I thought no need to introduce
another parameter.
Any how let me know once you check in. Also think
about the possibility of calling session.invalidate()
which will be a cleaner approach to cleanout the
session.
I got a seperate question,
In the Hypercontent Editing in the bottom, I can see a
check box with the name styles, It got zero entries
there. Is it possible to hook our css into this so
that all the styles get loaded into the combo box.
Thanks,
--- Alex Vigdor <al...@bi...> wrote:
> Hi Tom,
> Your changes look fine. For the code in CVS, I
> might consider a
> slightly less invasive approach where you would have
> to specify that
> you want to force login, e.g. with a request
> parameter "force-
> login=true"
>
>
>
if("true".equalsIgnoreCase(request.getParameter("force-login")))
> {
> session.logout();
> session.cleanSubject();
> }
>
> if(!session.isAuthenticated()){
> ...
>
> Cheers,
> Alex
>
> On Mar 8, 2007, at 11:57 PM, tom tom wrote:
>
> > Hi Alex,
> >
> > I did some code change, looks it's working but I
> dont
> > know the side effects, Please look at the changes,
> If
> > the following got side effects pls do let me know
> a
> > safe approach (I couldnt find any place to call
> > HttpSession.invalidate() any how see the
> following)
> >
> > 1) I introduced the following in the
> > org.hypercontent.server.Session
> >
> > public void cleanSubject() {
> > subject = new Subject();
> >
> subject.getPrincipals().add(Anybody.instance);
> > }
> >
> >
> > 2) now the execute method in Login.java looks as
> > follows, please observ that am calling
> > session.logout(); and session.cleanSubject(); and
> also
> > executing the authentication unconditionaly.
> >
> >
> >
> > Please let me know about this change
> >
> > Thanks
> >
> >
> > public void execute(IRequest request) throws
> > Exception {
> > //String user =
> request.getParameter("user");
> > //String pass =
> request.getParameter("pass");
> > Session session = request.getSession();
> >
> >
> > if
> >
>
("login".equalsIgnoreCase(request.getParameter("mode")))
> > {
> > session.logout();
> > session.cleanSubject();
> > }
> >
> > if (true){
> > CallbackHandler handler = new
> > RequestCallbackHandler(request);
> > Subject subject =
> session.getSubject();
> > LoginContext lc = new
> > LoginContext("HyperContent", subject,handler);
> > try{
> > lc.login();
> > }
> > catch(FailedLoginException e){
> > failLogin(session);
> > return;
> > }
> >
> > IUser user = null;
> > String username = null;
> > Set set = subject.getPrincipals();
> > for(Iterator iterator=set.iterator();
> > iterator.hasNext();){
> > Object o = iterator.next();
> > //System.out.println("Checking out
> > principal "+o);
> > Principal p = (Principal)o;
> >
> > if(!p.equals(Anybody.instance)){
> > username = p.getName();
> > System.out.println("User name
> in
> > if block is "+username);
> > //let's translate generic
> > principals into HyperContent Users and SuperUsers
> > Set princs =
> > subject.getPrincipals();
> > princs.remove(p);
> > user = getUserImpl(username);
> > princs.add(user);
> >
> session.setAuthenticated(true);
> > break;
> > }
> > }
> > if(!session.isAuthenticated()){
> > failLogin(session);
> > }
> > Logger.info(Strings.concat("User
> > ",username," logged in"));
> > }
> > else{
> > failLogin(session);
> > }
> > ....
> > ....
> > ...
> >
> >
> >
> >
> >
> >
> >
> > --- Alex Vigdor <al...@bi...> wrote:
> >
> >> Hi,
> >> I think the problem may be traced to
> >> org.hypercontent.server.commands.Login: on line
> 82
> >> this class checks
> >> whether the current session is already
> authenticated
> >> before running
> >> authentication providers. You might try
> disabling
> >> this check to see
> >> if you get the desired behavior. A more
> >> sophisticated fix would, as
> >> you suggest, run the authentication providers and
> >> compare the results
> >> with the existing authenticated user.
> >>
> >> Cheers,
> >> Alex
> >>
> >> On Mar 7, 2007, at 10:56 PM, tom tom wrote:
> >>
> >>> Hi Alex,
> >>>
> >>> Sometime back I asked you a question regarding
> HC
> >>> logout and you cleared the doubts I had, I have
> >>> attached the disucussion we had bottom of the
> >> mail,
> >>>
> >>> (http://sourceforge.net/mailarchive/forum.php?
> >>> thread_id=30987603&forum_id=38700)
> >>>
> >>>
> >>> Well I thought I got more suggestions into this,
> >>> Similar to the HC Link in the uPortal, we got
> >> links
> >>> for WebCT and Mail and Library etc all SSO
> enabled
> >> and
> >>> also all the links pops up in a new window with
> >> the
> >>> application. None of these got the issue we had
> >> with
> >>> HC which describes in the bottom of this mail,
> >> that
> >>> is eventhough we dont close all the browser
> >> instances,
> >>> if we logout uPortal login back again as a
> >> different
> >>> user and click WebCT or Mail link it will not
> pick
> >> the
> >>> previous user but the new user.
> >>>
> >>> I understand that Logging out of uPortal and CAS
> >> does
> >>> NOT terminate the browser's session with
> >> HyperContent,
> >>>
> >>> but let me know whether following makes any
> sense
>
=== message truncated ===
____________________________________________________________________________________
Food fight? Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.
http://answers.yahoo.com/dir/?link=list&sid=396545367
|
