You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@isis.apache.org by Christian Steinebach <Ch...@marintek.sintef.no> on 2013/05/31 14:02:48 UTC
automatic login using url?
Hi all!
I wanted to login using url parameters, something like:
http://localhost://MyIsisApplication?user=erik&pass=pass
should log in as user erik with password pass.
I seem to have managed to find a solution, just override the newSession method in the application class:
public class MyIsisApplication extends IsisWicketApplication {
@Override
public Session newSession(final Request request, final Response response) {
AuthenticatedWebSessionForIsis s = (AuthenticatedWebSessionForIsis) super.newSession(request, response);
StringValue user = request.getRequestParameters().getParameterValue("user");
StringValue password = request.getRequestParameters().getParameterValue("pass");
s.signIn(user.toString(), "pass");
return s;
So far, it seems to work, the only problem i have is when trying to log in with a different user
before the session has timed out.
Has anybody a hint, where (and how) I should switch the user when called with a different user name?
Any help very much appreciated
Christian
Re: automatic login using url?
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Gotcha. Good stuff.
On 31 May 2013 13:48, Christian Steinebach <
Christian.Steinebach@marintek.sintef.no> wrote:
> Hi Dan!
>
> Still the same thing...
>
> A central login application is calling several web application modules
> with a parameter ?user=xxxx
> And then the user should login automagically. Different users have
> different roles, so therefore
> the user switch...
>
> Christian
>
>
> ________________________________________
> From: Dan Haywood [dan@haywood-associates.co.uk]
> Sent: Friday, May 31, 2013 2:36 PM
> To: users
> Subject: Re: automatic login using url?
>
> By the way, is this a continuation of the TPM demo, or something else?
>
>
>
> On 31 May 2013 13:34, Christian Steinebach <
> Christian.Steinebach@marintek.sintef.no> wrote:
>
> > Thanks a lot, Dan! :-)
> >
> > Christian
> > ________________________________________
> > From: Dan Haywood [dan@haywood-associates.co.uk]
> > Sent: Friday, May 31, 2013 2:30 PM
> > To: users
> > Subject: Re: automatic login using url?
> >
> > Looks ok to me. It's in your subclass of WicketApplication, so you can
> do
> > what you want.
> >
> > As I said, we need to integrate Shiro, Isis and Wicket more closely, and
> > part of that is the lifecycle of the invalidations of their respective
> > authentication sessions when logging out. Blowing away the HttpSession,
> as
> > you've done, is the nuclear option, but it's probably the best thing you
> > can do right now.
> >
> > Cheers
> > Dan
> >
> >
> >
> > On 31 May 2013 13:27, Christian Steinebach <
> > Christian.Steinebach@marintek.sintef.no> wrote:
> >
> > > Hi again!
> > >
> > > Quick (and dirty?) overriding newWebRequest seems to do the job.
> > > If I've created a big problem for myself please let me know. ;-)
> > > The solution doesn't have to be secure, just work. It's for a demo
> > > where login is handled by another application anyway.
> > >
> > > Regards
> > > Christian
> > >
> > >
> > >
> > > @Override
> > > public WebRequest newWebRequest(HttpServletRequest servletRequest,
> > > String filterPath) {
> > > try {
> > > String uname = servletRequest.getParameter("user");
> > > if (uname != null) {
> > > servletRequest.getSession().invalidate();
> > > }
> > > } catch (Exception e) {
> > > }
> > > WebRequest request = super.newWebRequest(servletRequest,
> > > filterPath);
> > > return request;
> > > }
> > >
> > > ________________________________________
> > > From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
> > > Sent: Friday, May 31, 2013 2:02 PM
> > > To: users@isis.apache.org
> > > Subject: automatic login using url?
> > >
> > > Hi all!
> > >
> > > I wanted to login using url parameters, something like:
> > >
> > > http://localhost://MyIsisApplication?user=erik&pass=pass
> > >
> > > should log in as user erik with password pass.
> > > I seem to have managed to find a solution, just override the newSession
> > > method in the application class:
> > >
> > > public class MyIsisApplication extends IsisWicketApplication {
> > >
> > > @Override
> > > public Session newSession(final Request request, final Response
> > > response) {
> > > AuthenticatedWebSessionForIsis s =
> > > (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> > > StringValue user =
> > > request.getRequestParameters().getParameterValue("user");
> > > StringValue password =
> > > request.getRequestParameters().getParameterValue("pass");
> > > s.signIn(user.toString(), "pass");
> > > return s;
> > >
> > >
> > > So far, it seems to work, the only problem i have is when trying to log
> > in
> > > with a different user
> > > before the session has timed out.
> > >
> > > Has anybody a hint, where (and how) I should switch the user when
> called
> > > with a different user name?
> > >
> > > Any help very much appreciated
> > >
> > > Christian
> > >
> >
>
RE: automatic login using url?
Posted by Christian Steinebach <Ch...@marintek.sintef.no>.
Hi Dan!
Still the same thing...
A central login application is calling several web application modules with a parameter ?user=xxxx
And then the user should login automagically. Different users have different roles, so therefore
the user switch...
Christian
________________________________________
From: Dan Haywood [dan@haywood-associates.co.uk]
Sent: Friday, May 31, 2013 2:36 PM
To: users
Subject: Re: automatic login using url?
By the way, is this a continuation of the TPM demo, or something else?
On 31 May 2013 13:34, Christian Steinebach <
Christian.Steinebach@marintek.sintef.no> wrote:
> Thanks a lot, Dan! :-)
>
> Christian
> ________________________________________
> From: Dan Haywood [dan@haywood-associates.co.uk]
> Sent: Friday, May 31, 2013 2:30 PM
> To: users
> Subject: Re: automatic login using url?
>
> Looks ok to me. It's in your subclass of WicketApplication, so you can do
> what you want.
>
> As I said, we need to integrate Shiro, Isis and Wicket more closely, and
> part of that is the lifecycle of the invalidations of their respective
> authentication sessions when logging out. Blowing away the HttpSession, as
> you've done, is the nuclear option, but it's probably the best thing you
> can do right now.
>
> Cheers
> Dan
>
>
>
> On 31 May 2013 13:27, Christian Steinebach <
> Christian.Steinebach@marintek.sintef.no> wrote:
>
> > Hi again!
> >
> > Quick (and dirty?) overriding newWebRequest seems to do the job.
> > If I've created a big problem for myself please let me know. ;-)
> > The solution doesn't have to be secure, just work. It's for a demo
> > where login is handled by another application anyway.
> >
> > Regards
> > Christian
> >
> >
> >
> > @Override
> > public WebRequest newWebRequest(HttpServletRequest servletRequest,
> > String filterPath) {
> > try {
> > String uname = servletRequest.getParameter("user");
> > if (uname != null) {
> > servletRequest.getSession().invalidate();
> > }
> > } catch (Exception e) {
> > }
> > WebRequest request = super.newWebRequest(servletRequest,
> > filterPath);
> > return request;
> > }
> >
> > ________________________________________
> > From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
> > Sent: Friday, May 31, 2013 2:02 PM
> > To: users@isis.apache.org
> > Subject: automatic login using url?
> >
> > Hi all!
> >
> > I wanted to login using url parameters, something like:
> >
> > http://localhost://MyIsisApplication?user=erik&pass=pass
> >
> > should log in as user erik with password pass.
> > I seem to have managed to find a solution, just override the newSession
> > method in the application class:
> >
> > public class MyIsisApplication extends IsisWicketApplication {
> >
> > @Override
> > public Session newSession(final Request request, final Response
> > response) {
> > AuthenticatedWebSessionForIsis s =
> > (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> > StringValue user =
> > request.getRequestParameters().getParameterValue("user");
> > StringValue password =
> > request.getRequestParameters().getParameterValue("pass");
> > s.signIn(user.toString(), "pass");
> > return s;
> >
> >
> > So far, it seems to work, the only problem i have is when trying to log
> in
> > with a different user
> > before the session has timed out.
> >
> > Has anybody a hint, where (and how) I should switch the user when called
> > with a different user name?
> >
> > Any help very much appreciated
> >
> > Christian
> >
>
Re: automatic login using url?
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
By the way, is this a continuation of the TPM demo, or something else?
On 31 May 2013 13:34, Christian Steinebach <
Christian.Steinebach@marintek.sintef.no> wrote:
> Thanks a lot, Dan! :-)
>
> Christian
> ________________________________________
> From: Dan Haywood [dan@haywood-associates.co.uk]
> Sent: Friday, May 31, 2013 2:30 PM
> To: users
> Subject: Re: automatic login using url?
>
> Looks ok to me. It's in your subclass of WicketApplication, so you can do
> what you want.
>
> As I said, we need to integrate Shiro, Isis and Wicket more closely, and
> part of that is the lifecycle of the invalidations of their respective
> authentication sessions when logging out. Blowing away the HttpSession, as
> you've done, is the nuclear option, but it's probably the best thing you
> can do right now.
>
> Cheers
> Dan
>
>
>
> On 31 May 2013 13:27, Christian Steinebach <
> Christian.Steinebach@marintek.sintef.no> wrote:
>
> > Hi again!
> >
> > Quick (and dirty?) overriding newWebRequest seems to do the job.
> > If I've created a big problem for myself please let me know. ;-)
> > The solution doesn't have to be secure, just work. It's for a demo
> > where login is handled by another application anyway.
> >
> > Regards
> > Christian
> >
> >
> >
> > @Override
> > public WebRequest newWebRequest(HttpServletRequest servletRequest,
> > String filterPath) {
> > try {
> > String uname = servletRequest.getParameter("user");
> > if (uname != null) {
> > servletRequest.getSession().invalidate();
> > }
> > } catch (Exception e) {
> > }
> > WebRequest request = super.newWebRequest(servletRequest,
> > filterPath);
> > return request;
> > }
> >
> > ________________________________________
> > From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
> > Sent: Friday, May 31, 2013 2:02 PM
> > To: users@isis.apache.org
> > Subject: automatic login using url?
> >
> > Hi all!
> >
> > I wanted to login using url parameters, something like:
> >
> > http://localhost://MyIsisApplication?user=erik&pass=pass
> >
> > should log in as user erik with password pass.
> > I seem to have managed to find a solution, just override the newSession
> > method in the application class:
> >
> > public class MyIsisApplication extends IsisWicketApplication {
> >
> > @Override
> > public Session newSession(final Request request, final Response
> > response) {
> > AuthenticatedWebSessionForIsis s =
> > (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> > StringValue user =
> > request.getRequestParameters().getParameterValue("user");
> > StringValue password =
> > request.getRequestParameters().getParameterValue("pass");
> > s.signIn(user.toString(), "pass");
> > return s;
> >
> >
> > So far, it seems to work, the only problem i have is when trying to log
> in
> > with a different user
> > before the session has timed out.
> >
> > Has anybody a hint, where (and how) I should switch the user when called
> > with a different user name?
> >
> > Any help very much appreciated
> >
> > Christian
> >
>
RE: automatic login using url?
Posted by Christian Steinebach <Ch...@marintek.sintef.no>.
Thanks a lot, Dan! :-)
Christian
________________________________________
From: Dan Haywood [dan@haywood-associates.co.uk]
Sent: Friday, May 31, 2013 2:30 PM
To: users
Subject: Re: automatic login using url?
Looks ok to me. It's in your subclass of WicketApplication, so you can do
what you want.
As I said, we need to integrate Shiro, Isis and Wicket more closely, and
part of that is the lifecycle of the invalidations of their respective
authentication sessions when logging out. Blowing away the HttpSession, as
you've done, is the nuclear option, but it's probably the best thing you
can do right now.
Cheers
Dan
On 31 May 2013 13:27, Christian Steinebach <
Christian.Steinebach@marintek.sintef.no> wrote:
> Hi again!
>
> Quick (and dirty?) overriding newWebRequest seems to do the job.
> If I've created a big problem for myself please let me know. ;-)
> The solution doesn't have to be secure, just work. It's for a demo
> where login is handled by another application anyway.
>
> Regards
> Christian
>
>
>
> @Override
> public WebRequest newWebRequest(HttpServletRequest servletRequest,
> String filterPath) {
> try {
> String uname = servletRequest.getParameter("user");
> if (uname != null) {
> servletRequest.getSession().invalidate();
> }
> } catch (Exception e) {
> }
> WebRequest request = super.newWebRequest(servletRequest,
> filterPath);
> return request;
> }
>
> ________________________________________
> From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
> Sent: Friday, May 31, 2013 2:02 PM
> To: users@isis.apache.org
> Subject: automatic login using url?
>
> Hi all!
>
> I wanted to login using url parameters, something like:
>
> http://localhost://MyIsisApplication?user=erik&pass=pass
>
> should log in as user erik with password pass.
> I seem to have managed to find a solution, just override the newSession
> method in the application class:
>
> public class MyIsisApplication extends IsisWicketApplication {
>
> @Override
> public Session newSession(final Request request, final Response
> response) {
> AuthenticatedWebSessionForIsis s =
> (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> StringValue user =
> request.getRequestParameters().getParameterValue("user");
> StringValue password =
> request.getRequestParameters().getParameterValue("pass");
> s.signIn(user.toString(), "pass");
> return s;
>
>
> So far, it seems to work, the only problem i have is when trying to log in
> with a different user
> before the session has timed out.
>
> Has anybody a hint, where (and how) I should switch the user when called
> with a different user name?
>
> Any help very much appreciated
>
> Christian
>
Re: automatic login using url?
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Looks ok to me. It's in your subclass of WicketApplication, so you can do
what you want.
As I said, we need to integrate Shiro, Isis and Wicket more closely, and
part of that is the lifecycle of the invalidations of their respective
authentication sessions when logging out. Blowing away the HttpSession, as
you've done, is the nuclear option, but it's probably the best thing you
can do right now.
Cheers
Dan
On 31 May 2013 13:27, Christian Steinebach <
Christian.Steinebach@marintek.sintef.no> wrote:
> Hi again!
>
> Quick (and dirty?) overriding newWebRequest seems to do the job.
> If I've created a big problem for myself please let me know. ;-)
> The solution doesn't have to be secure, just work. It's for a demo
> where login is handled by another application anyway.
>
> Regards
> Christian
>
>
>
> @Override
> public WebRequest newWebRequest(HttpServletRequest servletRequest,
> String filterPath) {
> try {
> String uname = servletRequest.getParameter("user");
> if (uname != null) {
> servletRequest.getSession().invalidate();
> }
> } catch (Exception e) {
> }
> WebRequest request = super.newWebRequest(servletRequest,
> filterPath);
> return request;
> }
>
> ________________________________________
> From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
> Sent: Friday, May 31, 2013 2:02 PM
> To: users@isis.apache.org
> Subject: automatic login using url?
>
> Hi all!
>
> I wanted to login using url parameters, something like:
>
> http://localhost://MyIsisApplication?user=erik&pass=pass
>
> should log in as user erik with password pass.
> I seem to have managed to find a solution, just override the newSession
> method in the application class:
>
> public class MyIsisApplication extends IsisWicketApplication {
>
> @Override
> public Session newSession(final Request request, final Response
> response) {
> AuthenticatedWebSessionForIsis s =
> (AuthenticatedWebSessionForIsis) super.newSession(request, response);
> StringValue user =
> request.getRequestParameters().getParameterValue("user");
> StringValue password =
> request.getRequestParameters().getParameterValue("pass");
> s.signIn(user.toString(), "pass");
> return s;
>
>
> So far, it seems to work, the only problem i have is when trying to log in
> with a different user
> before the session has timed out.
>
> Has anybody a hint, where (and how) I should switch the user when called
> with a different user name?
>
> Any help very much appreciated
>
> Christian
>
RE: automatic login using url?
Posted by Christian Steinebach <Ch...@marintek.sintef.no>.
Hi again!
Quick (and dirty?) overriding newWebRequest seems to do the job.
If I've created a big problem for myself please let me know. ;-)
The solution doesn't have to be secure, just work. It's for a demo
where login is handled by another application anyway.
Regards
Christian
@Override
public WebRequest newWebRequest(HttpServletRequest servletRequest, String filterPath) {
try {
String uname = servletRequest.getParameter("user");
if (uname != null) {
servletRequest.getSession().invalidate();
}
} catch (Exception e) {
}
WebRequest request = super.newWebRequest(servletRequest, filterPath);
return request;
}
________________________________________
From: Christian Steinebach [Christian.Steinebach@marintek.sintef.no]
Sent: Friday, May 31, 2013 2:02 PM
To: users@isis.apache.org
Subject: automatic login using url?
Hi all!
I wanted to login using url parameters, something like:
http://localhost://MyIsisApplication?user=erik&pass=pass
should log in as user erik with password pass.
I seem to have managed to find a solution, just override the newSession method in the application class:
public class MyIsisApplication extends IsisWicketApplication {
@Override
public Session newSession(final Request request, final Response response) {
AuthenticatedWebSessionForIsis s = (AuthenticatedWebSessionForIsis) super.newSession(request, response);
StringValue user = request.getRequestParameters().getParameterValue("user");
StringValue password = request.getRequestParameters().getParameterValue("pass");
s.signIn(user.toString(), "pass");
return s;
So far, it seems to work, the only problem i have is when trying to log in with a different user
before the session has timed out.
Has anybody a hint, where (and how) I should switch the user when called with a different user name?
Any help very much appreciated
Christian