Re: [Hypercontent-users] Further discussion on HC logout
From: Alex V. <al...@bi...> - 2007-03-14 13:00:39
On Mar 13, 2007, at 6:37 PM, tom tom wrote:

> Thanks Alex,
>
> Can there be other instances (internal or external)
> that mode=login is used apart from a force login where
> we give mode=login in the query string. I thought the
> only instance the code gets executed is if we give
> mode=login in the query string. That is why I have an
> if block for that. I thought no need to introduce
> another parameter.

The reason I thought to introduce another parameter is that there may be
circumstances where you only want to log in the user if they are not
already logged in - forcing the login unbinds all the form processors
from their session, which could for example break back button
compatibility for certain screens, so should be done judiciously. Also,
it is possible to execute command=Login (which runs this class) without
mode=login, although generally when using CAS you will see the mode
during login. This is just a small detail that I think might make for a
more generalizable solution!

> Anyhow let me know once you check in. Also think
> about the possibility of calling session.invalidate()
> which will be a cleaner approach to clean out the
> session.
>
> I got a separate question,
>
> In the Hypercontent Editing in the bottom, I can see a
> check box with the name styles, It got zero entries
> there. Is it possible to hook our css into this so
> that all the styles get loaded into the combo box.

You can configure this in the project's /config/pipelines.xml by
overriding the xml-edit pipeline.
This sample shows the configuration for the CAS web site, with css at
/config/skins/cas/styles.css

<pipeline name="xml" mode="xml-edit" basedir="/" content-type="text/html" permissions="read,write">
    <open-file/>
    <bind-form processor="org.hypercontent.form.xml.XmlFormProcessor" as="xml-form"/>
    <exec stage="org.hypercontent.form.xml.XmlPrepStage"/>
    <exec stage="org.hypercontent.project.engine.stage.XSLTransformStage">
        <with-param name="source" value="/screens/modal-xml-tiny-mce.xsl"/>
        <with-param name="content-css" value="/config/skins/cas/styles.css"/>
        <with-param name="localize-with" value="/l10n/xml"/>
    </exec>
</pipeline>

Cheers,
Alex

> Thanks,
>
> --- Alex Vigdor <al...@bi...> wrote:
>
>> Hi Tom,
>> Your changes look fine. For the code in CVS, I might consider a
>> slightly less invasive approach where you would have to specify that
>> you want to force login, e.g. with a request parameter
>> "force-login=true"
>>
>>     if("true".equalsIgnoreCase(request.getParameter("force-login"))) {
>>         session.logout();
>>         session.cleanSubject();
>>     }
>>
>>     if(!session.isAuthenticated()){
>>     ...
>>
>> Cheers,
>> Alex
>>
>> On Mar 8, 2007, at 11:57 PM, tom tom wrote:
>>
>>> Hi Alex,
>>>
>>> I did some code change, looks it's working but I don't
>>> know the side effects, Please look at the changes, If
>>> the following got side effects pls do let me know a
>>> safe approach (I couldn't find any place to call
>>> HttpSession.invalidate() anyhow see the following)
>>>
>>> 1) I introduced the following in the
>>> org.hypercontent.server.Session
>>>
>>> public void cleanSubject() {
>>>     subject = new Subject();
>>>     subject.getPrincipals().add(Anybody.instance);
>>> }
>>>
>>> 2) now the execute method in Login.java looks as
>>> follows, please observe that I am calling
>>> session.logout(); and session.cleanSubject(); and also
>>> executing the authentication unconditionally.
>>>
>>> Please let me know about this change
>>>
>>> Thanks
>>>
>>> public void execute(IRequest request) throws Exception {
>>>     //String user = request.getParameter("user");
>>>     //String pass = request.getParameter("pass");
>>>     Session session = request.getSession();
>>>
>>>     if ("login".equalsIgnoreCase(request.getParameter("mode"))) {
>>>         session.logout();
>>>         session.cleanSubject();
>>>     }
>>>
>>>     if (true){
>>>         CallbackHandler handler = new RequestCallbackHandler(request);
>>>         Subject subject = session.getSubject();
>>>         LoginContext lc = new LoginContext("HyperContent", subject,handler);
>>>         try{
>>>             lc.login();
>>>         }
>>>         catch(FailedLoginException e){
>>>             failLogin(session);
>>>             return;
>>>         }
>>>
>>>         IUser user = null;
>>>         String username = null;
>>>         Set set = subject.getPrincipals();
>>>         for(Iterator iterator=set.iterator(); iterator.hasNext();){
>>>             Object o = iterator.next();
>>>             //System.out.println("Checking out principal "+o);
>>>             Principal p = (Principal)o;
>>>
>>>             if(!p.equals(Anybody.instance)){
>>>                 username = p.getName();
>>>                 System.out.println("User name in if block is "+username);
>>>                 //let's translate generic principals into HyperContent Users and SuperUsers
>>>                 Set princs = subject.getPrincipals();
>>>                 princs.remove(p);
>>>                 user = getUserImpl(username);
>>>                 princs.add(user);
>>>                 session.setAuthenticated(true);
>>>                 break;
>>>             }
>>>         }
>>>         if(!session.isAuthenticated()){
>>>             failLogin(session);
>>>         }
>>>         Logger.info(Strings.concat("User ",username," logged in"));
>>>     }
>>>     else{
>>>         failLogin(session);
>>>     }
>>>     ....
>>>     ....
>>>     ...
>>>
>>> --- Alex Vigdor <al...@bi...> wrote:
>>>
>>>> Hi,
>>>> I think the problem may be traced to
>>>> org.hypercontent.server.commands.Login: on line 82 this class
>>>> checks whether the current session is already authenticated
>>>> before running authentication providers.
>>>> You might try disabling this check to see
>>>> if you get the desired behavior. A more sophisticated fix would,
>>>> as you suggest, run the authentication providers and compare the
>>>> results with the existing authenticated user.
>>>>
>>>> Cheers,
>>>> Alex
>>>>
>>>> On Mar 7, 2007, at 10:56 PM, tom tom wrote:
>>>>
>>>>> Hi Alex,
>>>>>
>>>>> Sometime back I asked you a question regarding HC
>>>>> logout and you cleared the doubts I had, I have
>>>>> attached the discussion we had bottom of the mail,
>>>>>
>>>>> (http://sourceforge.net/mailarchive/forum.php?thread_id=30987603&forum_id=38700)
>>>>>
>>>>> Well I thought I got more suggestions into this,
>>>>> Similar to the HC Link in the uPortal, we got links
>>>>> for WebCT and Mail and Library etc all SSO enabled and
>>>>> also all the links pops up in a new window with the
>>>>> application. None of these got the issue we had with
>>>>> HC which describes in the bottom of this mail, that
>>>>> is even though we don't close all the browser instances,
>>>>> if we logout uPortal login back again as a different
>>>>> user and click WebCT or Mail link it will not pick the
>>>>> previous user but the new user.
>>>>>
>>>>> I understand that Logging out of uPortal and CAS does
>>>>> NOT terminate the browser's session with HyperContent,
>>>>>
>>>>> but let me know whether following makes any sense
>
> === message truncated ===
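
Added example, not part of the original thread and not HyperContent code: a self-contained Java sketch of the two options discussed above, the opt-in "force-login" parameter and the comparison of the freshly asserted user with the user already bound to the session. DemoSession, login() and the ANYBODY placeholder are hypothetical stand-ins for org.hypercontent.server.Session, the Login command and Anybody.instance; the SSO user name is assumed to have been validated already.

```java
// Added illustration. DemoSession and login() are hypothetical stand-ins for
// org.hypercontent.server.Session and the Login command, not project code.
public class ReauthDemo {
    static final String ANYBODY = "anybody"; // placeholder for Anybody.instance

    static class DemoSession {
        String principal = ANYBODY;
        boolean authenticated = false;

        // Same effect as logout() + cleanSubject() in the thread: back to anonymous.
        void reset() {
            principal = ANYBODY;
            authenticated = false;
        }
    }

    // ssoUser: the user name the authentication providers return for this
    // request (assumed already validated, e.g. by CAS); null if none.
    // forceLogin: raw value of the "force-login" request parameter.
    static String login(DemoSession s, String ssoUser, String forceLogin) {
        boolean force = "true".equalsIgnoreCase(forceLogin);
        // Stale identity: session belongs to a different user than SSO asserts now.
        boolean stale = s.authenticated && ssoUser != null
                && !ssoUser.equals(s.principal);
        if (force || stale) {
            s.reset();
        }
        if (s.authenticated) {
            return "kept " + s.principal;      // same user, form state untouched
        }
        if (ssoUser == null) {
            return "login failed";             // nothing vouches for this request
        }
        s.principal = ssoUser;
        s.authenticated = true;
        return "logged in " + ssoUser;
    }

    public static void main(String[] args) {
        DemoSession s = new DemoSession();
        System.out.println(login(s, "alice", null));   // first login
        System.out.println(login(s, "alice", null));   // repeat visit, same user
        System.out.println(login(s, "bob", null));     // portal user changed
        System.out.println(login(s, "bob", "true"));   // explicit forced login
        System.out.println(login(s, null, "true"));    // forced, no SSO identity
    }
}
```

The mismatch check resets the session only when the identity actually changed, so a returning user keeps bound form processors, while a different portal user never inherits the previous user's session.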