turbine-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Altner <bruce.altne...@nasa.gov>
Subject Re: user is nulled out on login attempt
Date Fri, 01 Feb 2008 00:54:05 GMT
Nte:

I was looking at a clas I'd written for SNA (SNALogin.java, clever name,
huh?) which authenticated against the ACE server (token-based). Here is a
comment from that file for the javadoc:

     * <p><em>Note: Turbine clears the session before calling this
     * method</em></p>

I also took up your challenge when I had time this afternoon and built the
outage calendar locally and you are right...my code snippet which was
supposed to exit the method if data.getUserFromSession() != null failed to
solve the problem, so I think you are right, this happens "higher up" in the
framework.

I can't shake the memory that I solved this already (SNA) but it's not
readily apparent fom the code how I did this. Maybe I never did and only
wished that I had!

Bruce

On 1/31/08 7:24 PM, "Shaw, Nathan (HQ-LD070)[InDyne, Inc]"
<nathan.shaw-1@nasa.gov> wrote:

> Yeah, I saw that post about tracking multiple sessions. Unfortunately, that is
> not what I want. I simply want to check if the user is logged in on the same
> machine. I am not worried about tracking multiple sessions.
> 
> For some reason, when a new login attempt is made, Turbine is clearing the
> User object and session. I basically want to be able to check to see if the
> user is already logged in when they access the login action. If they are, skip
> the login, as they are already logged in. If not, try to log them in.
> 
> 
> 
> 
> -----Original Message-----
> From: Jeffery Painter [mailto:painter@kiasoft.com]
> Sent: Thu 1/31/2008 6:03 PM
> To: Turbine Users List
> Subject: Re: user is nulled out on login attempt
>  
> 
> hmm... If this is the case, then I recall this was asked/addressed a few
> years back. I would look through the archives again (looking specifically
> for detecting more than one active login) - it seems someone wrote a tool
> to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
> other old timers can remember better than I.
> 
> 
> --
> Jeffery Painter
> 
> 
>> Hi,
>> 
>> When you say "already logged in" - do you want to check if the user is
>> logged in from another computer ? If that is the case, your user object
>> WILL
>> NOT show up in the session for the current browser.
>> 
>> To implement this functionality, you will have to keep track of logged in
>> users through some separate mechanism (like say a HashSet into which you
>> add
>> any new user that logs in - first check if the user is present in the
>> HashSet, and if so direct them to a page that says they're already logged
>> in, otherwise log them in and add them to this HashSet) .
>> 
>> You would also need to keep track of when a user logs out and when a
>> session
>> times out, so that you can remove the user from this HashSet when either
>> of
>> these occur. Check out the HttpSessionBindingListener interface. The
>> easiest
>> way is for your User object to implement this interface and Add / Remove
>> itself from the HashSet when the valueBound() / valueUnbound() methods are
>> called respectively.
>> 
>> BK
>> 
>> 
>> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
>> nathan.shaw-1@nasa.gov> wrote:
>> 
>>> Thanks Jeffrey,
>>> 
>>> The problem is not in logging a user in... the action I have is doing
>>> that
>>> just fine. The problem is when you try to detect if a user calling the
>>> login
>>> action is ALREADY logged in or not (in this case, we have guest users
>>> coming
>>> in from another site).
>>> 
>>> I want to make it so if the user is already logged in, it does not log
>>> them in again. However, when I test the User returned in the doperform()
>>> method in my login action, it is always NULL. It appears that something
>>> up
>>> the chain is wiping the User object and the session.
>>> 
>>> --Nathan
>>> 
>>> 
>>> -----Original Message-----
>>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>>> Sent: Thu 1/31/2008 1:08 PM
>>> To: Turbine Users List
>>> Subject: RE: user is nulled out on login attempt
>>> 
>>> 
>>> I had used Turbine to build a prototype of an electronic health record
>>> system.
>>> 
>>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>>> custom
>>> login action is here:
>>> 
>>> 
>>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/ed
>>> u/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content
>>> -type=text/vnd.viewcvs-markup
>>> 
>>> Maybe that will give you some insight... it worked last time I ran the
>>> code but that was Dec 2006...
>>> 
>>> Hope it helps
>>> 
>>> --
>>> Jeffery Painter
>>> Knowledge Engineer
>>> Semantic Technologies Group
>>> Statistical and Quantitative Sciences
>>> GlaxoSmithKline Research and Development
>>> 
>>> 
>>>> I don't get that. The test is if the user is NOT null.
>>>> 
>>>> Anyway, it does work. I took it from my SNA login code (our first
>>>> Turbine project.)
>>>> 
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 12:17 PM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>> 
>>>> I don't think that will work because that will mean that the user is
>>>> null and is not logged in at all. It will actually probably be caught
>>> by
>>>> the SessionValidator and just take them back to the login page.
>>>> 
>>>> I am actually checking the User object and outputting whether it is
>>> null
>>>> or not in the login action. I tried both getUser() and
>>>> getUserFromSession() and they are both NULL every single time a login
>>> is
>>>> attempted. Something up the chain is clearing all of that out before
>>> the
>>>> login occurs.
>>>> 
>>>> --Nathan
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>>>> [mailto:bruce.altner-1@nasa.gov]
>>>> Sent: Thu 1/31/2008 9:29 AM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>> 
>>>> How about just doing this, early in the Login action doPerform method
>>>> (first thing?):
>>>> 
>>>> 
>>>>         if ( data.getUserFromSession() != null )
>>>>         {
>>>>             return;
>>>>         }
>>>> 
>>>> 
>>>> Bruce
>>>> 
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 8:35 AM
>>>> To: user@turbine.apache.org
>>>> Subject: user is nulled out on login attempt
>>>> 
>>>> 
>>>> Hi all,
>>>> 
>>>> I am writing my own login action and need to be able to check to see
>>> if
>>>> a user is already logged in when the action is called. If they are, I
>>>> want to skip the login stuff to preserve their session. However, every
>>>> single time that the login action is called, the User object is coming
>>>> back NULL.
>>>> 
>>>> Here is a code snippet. Does anyone have any idea WHY the user is
>>> coming
>>>> back NULL? I assume something is happening in Turbine somewhere that
>>>> wipes the User on a login attempt or something?
>>>> 
>>>> 
>>>> public class OutageCalLoginUser extends LoginUser  {
>>>> 
>>>> public void doPerform( RunData data, Context context) throws Exception
>>> {
>>>>     String uname ;
>>>>     String passwd ;
>>>> 
>>>>     System.out.println("doPerform(data, context)");
>>>>     if ( data.getUserFromSession() == null ){
>>>>       System.out.println("user from session is null");
>>>>     }else{
>>>>       System.out.println("user from session is NOT null");
>>>>     }
>>>> 
>>>>     if(data.getUser() == null){
>>>>       System.out.println("user is null");
>>>>     }else{
>>>>       System.out.println("user is NOT null");
>>>>       if(data.getUser().hasLoggedIn()){
>>>>               System.out.println("user is logged in");
>>>>         }else{
>>>>               System.out.println("user is NOT logged in");
>>>>         }
>>>>     }
>>>> 
>>>> 
>>>>     if((data.getUser() == null) || (data.getUser() != null &&
>>>> data.getUser().hasLoggedIn() == false)){
>>>> 
>>>>           try {
>>>>             SymEncDec enc = SymEncDec.getInstance();
>>>> 
>>>>             // Username/password = username/pswd coming through front
>>>> door.
>>>>             // User coming from elsewhere will have neither username
>>>> nor pswd.
>>>>             String username = data.getParameters().get("username");
>>>>             String pswd = data.getParameters().get("password");
>>>> 
>>>>             // If username exists, user came in the front door.
>>>>             if (username != null && username.length()>0) {
>>>>                 uname = username;
>>>>                 passwd = pswd;
>>>>             }else {
>>>>                 uname = "guest";
>>>>                 String encryptedPasswd =
>>>> TurbineResources.getString("guest.credential");
>>>>                 passwd = encryptedPasswd;
>>>>                 //enc.decodeBase64Decrypt(encryptedPasswd);
>>>>             }
>>>>             // Log the user in
>>>>             doLogin(data, uname, passwd);
>>>> 
>>>>             try {
>>>>               Utils.getUserID(data);
>>>>             }
>>>>             catch (NullPointerException npe) {
>>>>               throw new TurbineSecurityException("Bad username or
>>>> password, I say!");
>>>>             }
>>>> 
>>>>           }
>>>>           catch ( TurbineSecurityException se ) {
>>>>             badUserOrPassword(se, data);
>>>>           }
>>>>           catch (Exception e) {
>>>>             throw new PortalVelocityException(e.getMessage()=ull?":
>>>> "+e.getMessage():e.getMessage(),
>>>>               e.getCause()=ull?e:e.getCause(), data);
>>>>           }
>>>> 
>>>>     }
>>>>   }
>>>> 
>>>> }
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>> For additional commands, e-mail: user-help@turbine.apache.org
>>> 
>>> 
>>> 
>>> 
>> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org


Mime
View raw message