You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Roberto Rossi <ro...@cone.it> on 2010/10/05 11:36:39 UTC
auto login after user registration
Using UserManager, GroupManager and RoleManager objects I customized a
portlet for the user registration in our website.
I'd like also to let the user autologin after successful registration.
Is this possible?
I saw the code of the UserRegistrationPortlet but I cannot figure out if
this step is accomplished or not.
My Jetspeed instance is 2.1.2.
Thank for you help.
ROb
Re: auto login after user registration
Posted by Woonsan Ko <wo...@yahoo.com>.
Hi ROb,
Thank you very much for sharing your solution.
Please see my comments inline.
--- On Fri, 10/8/10, Roberto Rossi <ro...@cone.it> wrote:
> From: Roberto Rossi <ro...@cone.it>
> Subject: Re: auto login after user registration
> To: "Jetspeed Users List" <je...@portals.apache.org>
> Date: Friday, October 8, 2010, 10:37 AM
> Thank you Wonsan for your reply.
>
> But even if I implement a servlet like
> o.a.j.login.LoginProxyServlet I
> need always to autenticate the user to the Tomcat realm
> passing
> j_username and j_password variables, don't?
You're right. So if you want to use ajax invocations to authenticate, those multiple redirection/posting will not happen automatically.
However, it would be good enough just to redirect to a servlet like loginProxy from the server-side portlet code because the browser will handle the redirection headers.
> I studied the login portlet and in one the login steps
> there is a submit
> (in the onLoad javascript event of the page) that POSTs
> these two
> variables to the action
> <jetspeed>/login/j_security_check .
>
> At the moment I used an AJAX, all client side, approach.
> After successful user registration (also this step in an
> AJAX style) I
> created a chain of POSTs/GETs to simulate the user
> interaction for all
> login steps.
> For those that know jQuery ajax() function this is the
> chain (in
> Velocity/Javascript code):
>
>
>
>
> ## AJAX - POST
> verso /.../login/proxy , parametri:
> org.apache.jetspeed.login.username=<username>&org.apache.jetspeed.login.password=<password>
>
> $.ajax({
>
>
> url: '/<jetspeed_dir>/login/proxy',
>
>
> type: 'POST',
>
>
> data: {"org.apache.jetspeed.login.username":
> username,
> "org.apache.jetspeed.login.password": password},
>
>
> error: function() {},
>
>
> success: function(data) {
>
>
> ## AJAX - GET verso
> /ys/login/redirector
>
>
> $.ajax({
>
>
> url:
> '/<jetspeed_dir>/login/redirector',
>
>
> type:
> 'GET',
>
>
> data:
> {},
>
>
> error:
> function() {},
>
>
> success:
> function(data) {
>
>
>
> ## AJAX - POST verso
> /.../login/j_security_check ,
> parametri:
> j_username=<username>&j_password=<password>
>
>
>
> $.ajax({
>
>
>
> url:
> '/<jetspeed_dir>/login/j_security_check',
>
>
>
> type: 'POST',
>
>
>
> data: {"j_username":
> username, "j_password": password},
>
>
>
> error: function() {},
>
>
>
> success: function(data) {
>
>
>
> ## AJAX
> - GET verso /.../login/redirector
>
>
>
> $.ajax({
>
>
>
>
> url:
> '/<jetspeed_dir>/login/redirector',
>
>
>
>
> type: 'GET',
>
>
>
>
> data: {},
>
>
>
>
> error: function() {},
>
>
>
>
> success: function(data) {
>
>
>
>
> /* last redirect */
>
>
>
>
> document.location.href
> = '<go where you want!>';
>
>
>
>
> }
>
>
>
>
> });
>
>
>
> }
>
>
>
> });
>
>
> }
>
>
> });
>
>
> }
>
>
> });
>
> The code is a bit confused but the story is this:
> After user registration we POST to
> <jetspeed_dir>/login/proxy with the
> user credentials in the form
> org.apache.jetspeed.login.username=username
> and org.apache.jetspeed.login.password=password ,
> If the POST response is ok, then we GET to
> <jetspeed_dir>/login/redirector with no data,
> After this, we POST again to
> <jetspeed_dir>/login/j_security_check with
> j_username and j_password variables (this step is the same
> of the
> standard form auto submission made by LoginPortlet)
> and as a last step we GET again to
> <jetspeed_dir>/login/redirector with
> no data.
>
> This long request chain let me login the user, with all
> cookies and
> session variables correctly set, and I can redirect him
> anywhere in my
> portal.
Nice! Thank you very much for sharing your experience. I think this would be really helpful to somebodies.
>
> Obviously all the credentials are sent in plain text.
Ah, yes. That's the only caveat.
However, couldn't you use POST instead of GET? Then it can leverage SSL in some environments.
Kind regards,
Woonsan
>
> Hope this can help someone.
>
> ROb
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: auto login after user registration
Posted by Roberto Rossi <ro...@cone.it>.
Thank you Wonsan for your reply.
But even if I implement a servlet like o.a.j.login.LoginProxyServlet I
need always to autenticate the user to the Tomcat realm passing
j_username and j_password variables, don't?
I studied the login portlet and in one the login steps there is a submit
(in the onLoad javascript event of the page) that POSTs these two
variables to the action <jetspeed>/login/j_security_check .
At the moment I used an AJAX, all client side, approach.
After successful user registration (also this step in an AJAX style) I
created a chain of POSTs/GETs to simulate the user interaction for all
login steps.
For those that know jQuery ajax() function this is the chain (in
Velocity/Javascript code):
## AJAX - POST
verso /.../login/proxy , parametri:
org.apache.jetspeed.login.username=<username>&org.apache.jetspeed.login.password=<password>
$.ajax({
url: '/<jetspeed_dir>/login/proxy',
type: 'POST',
data: {"org.apache.jetspeed.login.username": username,
"org.apache.jetspeed.login.password": password},
error: function() {},
success: function(data) {
## AJAX - GET verso /ys/login/redirector
$.ajax({
url: '/<jetspeed_dir>/login/redirector',
type: 'GET',
data: {},
error: function() {},
success: function(data) {
## AJAX - POST verso /.../login/j_security_check ,
parametri: j_username=<username>&j_password=<password>
$.ajax({
url: '/<jetspeed_dir>/login/j_security_check',
type: 'POST',
data: {"j_username": username, "j_password": password},
error: function() {},
success: function(data) {
## AJAX - GET verso /.../login/redirector
$.ajax({
url: '/<jetspeed_dir>/login/redirector',
type: 'GET',
data: {},
error: function() {},
success: function(data) {
/* last redirect */
document.location.href = '<go where you want!>';
}
});
}
});
}
});
}
});
The code is a bit confused but the story is this:
After user registration we POST to <jetspeed_dir>/login/proxy with the
user credentials in the form org.apache.jetspeed.login.username=username
and org.apache.jetspeed.login.password=password ,
If the POST response is ok, then we GET to
<jetspeed_dir>/login/redirector with no data,
After this, we POST again to <jetspeed_dir>/login/j_security_check with
j_username and j_password variables (this step is the same of the
standard form auto submission made by LoginPortlet)
and as a last step we GET again to <jetspeed_dir>/login/redirector with
no data.
This long request chain let me login the user, with all cookies and
session variables correctly set, and I can redirect him anywhere in my
portal.
Obviously all the credentials are sent in plain text.
Hope this can help someone.
ROb
Re: auto login after user registration
Posted by Woonsan Ko <wo...@yahoo.com>.
Hi Rob,
I think it is possible to redirect to a dedicated login servlet path in your customized portlet.
For example, you can redirect to /jetspeed/login/proxy with query parameters. However, with this approach, the credentials will not be secured. So, you can consider to implement a new servlet like o.a.j.login.LoginProxyServlet with using session attributes instead of query parameters for user credentials information.
Regards,
Woonsan
--- On Tue, 10/5/10, Roberto Rossi <ro...@cone.it> wrote:
> From: Roberto Rossi <ro...@cone.it>
> Subject: auto login after user registration
> To: "Jetspeed Users List" <je...@portals.apache.org>
> Date: Tuesday, October 5, 2010, 11:36 AM
> Using UserManager, GroupManager and
> RoleManager objects I customized a
> portlet for the user registration in our website.
>
> I'd like also to let the user autologin after successful
> registration.
> Is this possible?
> I saw the code of the UserRegistrationPortlet but I cannot
> figure out if
> this step is accomplished or not.
>
> My Jetspeed instance is 2.1.2.
>
> Thank for you help.
>
> ROb
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org