Return-Path: 
 <user-return-20143-apmail-turbine-user-archive=turbine.apache.org@turbine.apache.org>
Delivered-To: apmail-turbine-user-archive@www.apache.org
Received: (qmail 28793 invoked from network); 1 Feb 2008 00:54:40 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 1 Feb 2008 00:54:40 -0000
Received: (qmail 2210 invoked by uid 500); 1 Feb 2008 00:54:31 -0000
Delivered-To: apmail-turbine-user-archive@turbine.apache.org
Received: (qmail 2198 invoked by uid 500); 1 Feb 2008 00:54:31 -0000
Mailing-List: contact user-help@turbine.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@turbine.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@turbine.apache.org>
List-Post: <mailto:user@turbine.apache.org>
List-Id: <user.turbine.apache.org>
Reply-To: "Turbine Users List" <user@turbine.apache.org>
Delivered-To: mailing list user@turbine.apache.org
Received: (qmail 2189 invoked by uid 99); 1 Feb 2008 00:54:31 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 31 Jan 2008 16:54:31 -0800
X-ASF-Spam-Status: No, hits=-1.4 required=10.0
	tests=RCVD_IN_DNSWL_MED,RCVD_NUMERIC_HELO,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [192.149.131.173] (HELO ndmsbar03.ndc.nasa.gov)
 (192.149.131.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Feb 2008 00:54:00 +0000
Received: from ndmsxgw03.ndc.nasa.gov (ndmsxgw03.ndc.nasa.gov [129.166.9.161])
	by ndmsbar03.ndc.nasa.gov (Spam Firewall) with ESMTP id A76403EA05F
	for <user@turbine.apache.org>; Thu, 31 Jan 2008 18:54:05 -0600 (CST)
Received: from ndmsxgw03.ndc.nasa.gov (ndmsxgw03.ndc.nasa.gov [129.166.9.161])
 by ndmsbar03.ndc.nasa.gov with ESMTP id FLfUM7S54STQtvuQ for
 <user@turbine.apache.org>; Thu, 31 Jan 2008 18:54:05 -0600 (CST)
Received: from NDMSEVS37A.ndc.nasa.gov ([129.166.9.157]) by
 ndmsxgw03.ndc.nasa.gov with Microsoft SMTPSVC(6.0.3790.1830);
	 Thu, 31 Jan 2008 18:54:05 -0600
Received: from 129.166.32.41 ([129.166.32.41]) by NDMSEVS37A.ndc.nasa.gov
 ([129.166.9.24]) via Exchange Front-End Server mail01.ndc.nasa.gov
 ([129.166.32.103]) with Microsoft Exchange Server HTTP-DAV ;
 Fri,  1 Feb 2008 00:54:05 +0000
User-Agent: Microsoft-Entourage/11.3.3.061214
Date: Thu, 31 Jan 2008 19:54:05 -0500
Subject: Re: user is nulled out on login attempt
From: Bruce Altner <bruce.altner-1@nasa.gov>
To: Turbine Users List <user@turbine.apache.org>
Message-ID: <C3C7D7DD.1157F%bruce.altner-1@nasa.gov>
Thread-Topic: user is nulled out on login attempt
Thread-Index: AchkZZRmt3y1dzvlT/aIr3z07cGx9QAAzRhxAAEKKok=
In-Reply-To: <7BDDFD5EEE4B4C4DA2CB9DAD371D7A240714FD@NDMSEVS37B.ndc.nasa.gov>
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
X-OriginalArrivalTime: 01 Feb 2008 00:54:05.0245 (UTC)
 FILETIME=[F19616D0:01C8646C]
X-Virus-Checked: Checked by ClamAV on apache.org

Nte:

I was looking at a clas I'd written for SNA (SNALogin.java, clever name,
huh?) which authenticated against the ACE server (token-based). Here is a
comment from that file for the javadoc:

     * <p><em>Note: Turbine clears the session before calling this
     * method</em></p>

I also took up your challenge when I had time this afternoon and built the
outage calendar locally and you are right...my code snippet which was
supposed to exit the method if data.getUserFromSession() != null failed to
solve the problem, so I think you are right, this happens "higher up" in the
framework.

I can't shake the memory that I solved this already (SNA) but it's not
readily apparent fom the code how I did this. Maybe I never did and only
wished that I had!

Bruce

On 1/31/08 7:24 PM, "Shaw, Nathan (HQ-LD070)[InDyne, Inc]"
<nathan.shaw-1@nasa.gov> wrote:

> Yeah, I saw that post about tracking multiple sessions. Unfortunately, that is
> not what I want. I simply want to check if the user is logged in on the same
> machine. I am not worried about tracking multiple sessions.
> 
> For some reason, when a new login attempt is made, Turbine is clearing the
> User object and session. I basically want to be able to check to see if the
> user is already logged in when they access the login action. If they are, skip
> the login, as they are already logged in. If not, try to log them in.
> 
> 
> 
> 
> -----Original Message-----
> From: Jeffery Painter [mailto:painter@kiasoft.com]
> Sent: Thu 1/31/2008 6:03 PM
> To: Turbine Users List
> Subject: Re: user is nulled out on login attempt
>  
> 
> hmm... If this is the case, then I recall this was asked/addressed a few
> years back. I would look through the archives again (looking specifically
> for detecting more than one active login) - it seems someone wrote a tool
> to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
> other old timers can remember better than I.
> 
> 
> --
> Jeffery Painter
> 
> 
>> Hi,
>> 
>> When you say "already logged in" - do you want to check if the user is
>> logged in from another computer ? If that is the case, your user object
>> WILL
>> NOT show up in the session for the current browser.
>> 
>> To implement this functionality, you will have to keep track of logged in
>> users through some separate mechanism (like say a HashSet into which you
>> add
>> any new user that logs in - first check if the user is present in the
>> HashSet, and if so direct them to a page that says they're already logged
>> in, otherwise log them in and add them to this HashSet) .
>> 
>> You would also need to keep track of when a user logs out and when a
>> session
>> times out, so that you can remove the user from this HashSet when either
>> of
>> these occur. Check out the HttpSessionBindingListener interface. The
>> easiest
>> way is for your User object to implement this interface and Add / Remove
>> itself from the HashSet when the valueBound() / valueUnbound() methods are
>> called respectively.
>> 
>> BK
>> 
>> 
>> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
>> nathan.shaw-1@nasa.gov> wrote:
>> 
>>> Thanks Jeffrey,
>>> 
>>> The problem is not in logging a user in... the action I have is doing
>>> that
>>> just fine. The problem is when you try to detect if a user calling the
>>> login
>>> action is ALREADY logged in or not (in this case, we have guest users
>>> coming
>>> in from another site).
>>> 
>>> I want to make it so if the user is already logged in, it does not log
>>> them in again. However, when I test the User returned in the doperform()
>>> method in my login action, it is always NULL. It appears that something
>>> up
>>> the chain is wiping the User object and the session.
>>> 
>>> --Nathan
>>> 
>>> 
>>> -----Original Message-----
>>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>>> Sent: Thu 1/31/2008 1:08 PM
>>> To: Turbine Users List
>>> Subject: RE: user is nulled out on login attempt
>>> 
>>> 
>>> I had used Turbine to build a prototype of an electronic health record
>>> system.
>>> 
>>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>>> custom
>>> login action is here:
>>> 
>>> 
>>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/ed
>>> u/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content
>>> -type=text/vnd.viewcvs-markup
>>> 
>>> Maybe that will give you some insight... it worked last time I ran the
>>> code but that was Dec 2006...
>>> 
>>> Hope it helps
>>> 
>>> --
>>> Jeffery Painter
>>> Knowledge Engineer
>>> Semantic Technologies Group
>>> Statistical and Quantitative Sciences
>>> GlaxoSmithKline Research and Development
>>> 
>>> 
>>>> I don't get that. The test is if the user is NOT null.
>>>> 
>>>> Anyway, it does work. I took it from my SNA login code (our first
>>>> Turbine project.)
>>>> 
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 12:17 PM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>> 
>>>> I don't think that will work because that will mean that the user is
>>>> null and is not logged in at all. It will actually probably be caught
>>> by
>>>> the SessionValidator and just take them back to the login page.
>>>> 
>>>> I am actually checking the User object and outputting whether it is
>>> null
>>>> or not in the login action. I tried both getUser() and
>>>> getUserFromSession() and they are both NULL every single time a login
>>> is
>>>> attempted. Something up the chain is clearing all of that out before
>>> the
>>>> login occurs.
>>>> 
>>>> --Nathan
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>>>> [mailto:bruce.altner-1@nasa.gov]
>>>> Sent: Thu 1/31/2008 9:29 AM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>> 
>>>> How about just doing this, early in the Login action doPerform method
>>>> (first thing?):
>>>> 
>>>> 
>>>>         if ( data.getUserFromSession() != null )
>>>>         {
>>>>             return;
>>>>         }
>>>> 
>>>> 
>>>> Bruce
>>>> 
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 8:35 AM
>>>> To: user@turbine.apache.org
>>>> Subject: user is nulled out on login attempt
>>>> 
>>>> 
>>>> Hi all,
>>>> 
>>>> I am writing my own login action and need to be able to check to see
>>> if
>>>> a user is already logged in when the action is called. If they are, I
>>>> want to skip the login stuff to preserve their session. However, every
>>>> single time that the login action is called, the User object is coming
>>>> back NULL.
>>>> 
>>>> Here is a code snippet. Does anyone have any idea WHY the user is
>>> coming
>>>> back NULL? I assume something is happening in Turbine somewhere that
>>>> wipes the User on a login attempt or something?
>>>> 
>>>> 
>>>> public class OutageCalLoginUser extends LoginUser  {
>>>> 
>>>> public void doPerform( RunData data, Context context) throws Exception
>>> {
>>>>     String uname ;
>>>>     String passwd ;
>>>> 
>>>>     System.out.println("doPerform(data, context)");
>>>>     if ( data.getUserFromSession() == null ){
>>>>       System.out.println("user from session is null");
>>>>     }else{
>>>>       System.out.println("user from session is NOT null");
>>>>     }
>>>> 
>>>>     if(data.getUser() == null){
>>>>       System.out.println("user is null");
>>>>     }else{
>>>>       System.out.println("user is NOT null");
>>>>       if(data.getUser().hasLoggedIn()){
>>>>               System.out.println("user is logged in");
>>>>         }else{
>>>>               System.out.println("user is NOT logged in");
>>>>         }
>>>>     }
>>>> 
>>>> 
>>>>     if((data.getUser() == null) || (data.getUser() != null &&
>>>> data.getUser().hasLoggedIn() == false)){
>>>> 
>>>>           try {
>>>>             SymEncDec enc = SymEncDec.getInstance();
>>>> 
>>>>             // Username/password = username/pswd coming through front
>>>> door.
>>>>             // User coming from elsewhere will have neither username
>>>> nor pswd.
>>>>             String username = data.getParameters().get("username");
>>>>             String pswd = data.getParameters().get("password");
>>>> 
>>>>             // If username exists, user came in the front door.
>>>>             if (username != null && username.length()>0) {
>>>>                 uname = username;
>>>>                 passwd = pswd;
>>>>             }else {
>>>>                 uname = "guest";
>>>>                 String encryptedPasswd =
>>>> TurbineResources.getString("guest.credential");
>>>>                 passwd = encryptedPasswd;
>>>>                 //enc.decodeBase64Decrypt(encryptedPasswd);
>>>>             }
>>>>             // Log the user in
>>>>             doLogin(data, uname, passwd);
>>>> 
>>>>             try {
>>>>               Utils.getUserID(data);
>>>>             }
>>>>             catch (NullPointerException npe) {
>>>>               throw new TurbineSecurityException("Bad username or
>>>> password, I say!");
>>>>             }
>>>> 
>>>>           }
>>>>           catch ( TurbineSecurityException se ) {
>>>>             badUserOrPassword(se, data);
>>>>           }
>>>>           catch (Exception e) {
>>>>             throw new PortalVelocityException(e.getMessage()=ull?":
>>>> "+e.getMessage():e.getMessage(),
>>>>               e.getCause()=ull?e:e.getCause(), data);
>>>>           }
>>>> 
>>>>     }
>>>>   }
>>>> 
>>>> }
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>> For additional commands, e-mail: user-help@turbine.apache.org
>>> 
>>> 
>>> 
>>> 
>> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org