turbine-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bart Selders <bart.seld...@ibanx.nl>
Subject Re: user is nulled out on login attempt
Date Fri, 01 Feb 2008 08:56:07 GMT
Hi,

There is a SessionService available that is able to keep track of active 
HTTP sessions.
See 
http://turbine.apache.org/turbine/development/turbine-2.3/apidocs/org/apache/turbine/services/session/TurbineSessionService.html
You need to configure it in your web.xml  as well.

In combination with a custom SessionValidator and/or custom LoginAction 
you can easily check if an user is not logged in twice.

Cheers,

Bart

Jeffery Painter wrote:
> hmm... If this is the case, then I recall this was asked/addressed a few
> years back. I would look through the archives again (looking specifically
> for detecting more than one active login) - it seems someone wrote a tool
> to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
> other old timers can remember better than I.
>
>
> --
> Jeffery Painter
>
>
>   
>> Hi,
>>
>> When you say "already logged in" - do you want to check if the user is
>> logged in from another computer ? If that is the case, your user object
>> WILL
>> NOT show up in the session for the current browser.
>>
>> To implement this functionality, you will have to keep track of logged in
>> users through some separate mechanism (like say a HashSet into which you
>> add
>> any new user that logs in - first check if the user is present in the
>> HashSet, and if so direct them to a page that says they're already logged
>> in, otherwise log them in and add them to this HashSet) .
>>
>> You would also need to keep track of when a user logs out and when a
>> session
>> times out, so that you can remove the user from this HashSet when either
>> of
>> these occur. Check out the HttpSessionBindingListener interface. The
>> easiest
>> way is for your User object to implement this interface and Add / Remove
>> itself from the HashSet when the valueBound() / valueUnbound() methods are
>> called respectively.
>>
>> BK
>>
>>
>> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
>> nathan.shaw-1@nasa.gov> wrote:
>>
>>     
>>> Thanks Jeffrey,
>>>
>>> The problem is not in logging a user in... the action I have is doing
>>> that
>>> just fine. The problem is when you try to detect if a user calling the
>>> login
>>> action is ALREADY logged in or not (in this case, we have guest users
>>> coming
>>> in from another site).
>>>
>>> I want to make it so if the user is already logged in, it does not log
>>> them in again. However, when I test the User returned in the doperform()
>>> method in my login action, it is always NULL. It appears that something
>>> up
>>> the chain is wiping the User object and the session.
>>>
>>> --Nathan
>>>
>>>
>>> -----Original Message-----
>>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>>> Sent: Thu 1/31/2008 1:08 PM
>>> To: Turbine Users List
>>> Subject: RE: user is nulled out on login attempt
>>>
>>>
>>> I had used Turbine to build a prototype of an electronic health record
>>> system.
>>>
>>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>>> custom
>>> login action is here:
>>>
>>>
>>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/edu/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content-type=text/vnd.viewcvs-markup
>>>
>>> Maybe that will give you some insight... it worked last time I ran the
>>> code but that was Dec 2006...
>>>
>>> Hope it helps
>>>
>>> --
>>> Jeffery Painter
>>> Knowledge Engineer
>>> Semantic Technologies Group
>>> Statistical and Quantitative Sciences
>>> GlaxoSmithKline Research and Development
>>>
>>>
>>>       
>>>> I don't get that. The test is if the user is NOT null.
>>>>
>>>> Anyway, it does work. I took it from my SNA login code (our first
>>>> Turbine project.)
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 12:17 PM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> I don't think that will work because that will mean that the user is
>>>> null and is not logged in at all. It will actually probably be caught
>>>>         
>>> by
>>>       
>>>> the SessionValidator and just take them back to the login page.
>>>>
>>>> I am actually checking the User object and outputting whether it is
>>>>         
>>> null
>>>       
>>>> or not in the login action. I tried both getUser() and
>>>> getUserFromSession() and they are both NULL every single time a login
>>>>         
>>> is
>>>       
>>>> attempted. Something up the chain is clearing all of that out before
>>>>         
>>> the
>>>       
>>>> login occurs.
>>>>
>>>> --Nathan
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>>>> [mailto:bruce.altner-1@nasa.gov]
>>>> Sent: Thu 1/31/2008 9:29 AM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> How about just doing this, early in the Login action doPerform method
>>>> (first thing?):
>>>>
>>>>
>>>>         if ( data.getUserFromSession() != null )
>>>>         {
>>>>             return;
>>>>         }
>>>>
>>>>
>>>> Bruce
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 8:35 AM
>>>> To: user@turbine.apache.org
>>>> Subject: user is nulled out on login attempt
>>>>
>>>>
>>>> Hi all,
>>>>
>>>> I am writing my own login action and need to be able to check to see
>>>>         
>>> if
>>>       
>>>> a user is already logged in when the action is called. If they are, I
>>>> want to skip the login stuff to preserve their session. However, every
>>>> single time that the login action is called, the User object is coming
>>>> back NULL.
>>>>
>>>> Here is a code snippet. Does anyone have any idea WHY the user is
>>>>         
>>> coming
>>>       
>>>> back NULL? I assume something is happening in Turbine somewhere that
>>>> wipes the User on a login attempt or something?
>>>>
>>>>
>>>> public class OutageCalLoginUser extends LoginUser  {
>>>>
>>>> public void doPerform( RunData data, Context context) throws Exception
>>>>         
>>> {
>>>       
>>>>     String uname ;
>>>>     String passwd ;
>>>>
>>>>     System.out.println("doPerform(data, context)");
>>>>     if ( data.getUserFromSession() == null ){
>>>>       System.out.println("user from session is null");
>>>>     }else{
>>>>       System.out.println("user from session is NOT null");
>>>>     }
>>>>
>>>>     if(data.getUser() == null){
>>>>       System.out.println("user is null");
>>>>     }else{
>>>>       System.out.println("user is NOT null");
>>>>       if(data.getUser().hasLoggedIn()){
>>>>               System.out.println("user is logged in");
>>>>         }else{
>>>>               System.out.println("user is NOT logged in");
>>>>         }
>>>>     }
>>>>
>>>>
>>>>     if((data.getUser() == null) || (data.getUser() != null &&
>>>> data.getUser().hasLoggedIn() == false)){
>>>>
>>>>           try {
>>>>             SymEncDec enc = SymEncDec.getInstance();
>>>>
>>>>             // Username/password = username/pswd coming through front
>>>> door.
>>>>             // User coming from elsewhere will have neither username
>>>> nor pswd.
>>>>             String username = data.getParameters().get("username");
>>>>             String pswd = data.getParameters().get("password");
>>>>
>>>>             // If username exists, user came in the front door.
>>>>             if (username != null && username.length()>0) {
>>>>                 uname = username;
>>>>                 passwd = pswd;
>>>>             }else {
>>>>                 uname = "guest";
>>>>                 String encryptedPasswd =
>>>> TurbineResources.getString("guest.credential");
>>>>                 passwd = encryptedPasswd;
>>>>                 //enc.decodeBase64Decrypt(encryptedPasswd);
>>>>             }
>>>>             // Log the user in
>>>>             doLogin(data, uname, passwd);
>>>>
>>>>             try {
>>>>               Utils.getUserID(data);
>>>>             }
>>>>             catch (NullPointerException npe) {
>>>>               throw new TurbineSecurityException("Bad username or
>>>> password, I say!");
>>>>             }
>>>>
>>>>           }
>>>>           catch ( TurbineSecurityException se ) {
>>>>             badUserOrPassword(se, data);
>>>>           }
>>>>           catch (Exception e) {
>>>>             throw new PortalVelocityException(e.getMessage()=ull?":
>>>> "+e.getMessage():e.getMessage(),
>>>>               e.getCause()=ull?e:e.getCause(), data);
>>>>           }
>>>>
>>>>     }
>>>>   }
>>>>
>>>> }
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>>         
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>
>>>
>>>
>>>
>>>       
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
>
*************************************************************************
The information contained in this communication is confidential and is intended solely for
the use of the individual or entity to  whom it is addressed.You should not copy, disclose
or distribute this communication without the authority of iBanx bv. iBanx bv is neither liable
for the proper and complete transmission of the information has been maintained nor that the
communication is free of viruses, interceptions or interference. 

If you are not the intended recipient of this communication please return the communication
to the sender and delete and destroy all copies. 
   



Mime
View raw message