You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by Jeffery Painter <pa...@kiasoft.com> on 2008/02/01 00:03:09 UTC
Re: user is nulled out on login attempt
hmm... If this is the case, then I recall this was asked/addressed a few
years back. I would look through the archives again (looking specifically
for detecting more than one active login) - it seems someone wrote a tool
to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
other old timers can remember better than I.
--
Jeffery Painter
> Hi,
>
> When you say "already logged in" - do you want to check if the user is
> logged in from another computer ? If that is the case, your user object
> WILL
> NOT show up in the session for the current browser.
>
> To implement this functionality, you will have to keep track of logged in
> users through some separate mechanism (like say a HashSet into which you
> add
> any new user that logs in - first check if the user is present in the
> HashSet, and if so direct them to a page that says they're already logged
> in, otherwise log them in and add them to this HashSet) .
>
> You would also need to keep track of when a user logs out and when a
> session
> times out, so that you can remove the user from this HashSet when either
> of
> these occur. Check out the HttpSessionBindingListener interface. The
> easiest
> way is for your User object to implement this interface and Add / Remove
> itself from the HashSet when the valueBound() / valueUnbound() methods are
> called respectively.
>
> BK
>
>
> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
> nathan.shaw-1@nasa.gov> wrote:
>
>> Thanks Jeffrey,
>>
>> The problem is not in logging a user in... the action I have is doing
>> that
>> just fine. The problem is when you try to detect if a user calling the
>> login
>> action is ALREADY logged in or not (in this case, we have guest users
>> coming
>> in from another site).
>>
>> I want to make it so if the user is already logged in, it does not log
>> them in again. However, when I test the User returned in the doperform()
>> method in my login action, it is always NULL. It appears that something
>> up
>> the chain is wiping the User object and the session.
>>
>> --Nathan
>>
>>
>> -----Original Message-----
>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>> Sent: Thu 1/31/2008 1:08 PM
>> To: Turbine Users List
>> Subject: RE: user is nulled out on login attempt
>>
>>
>> I had used Turbine to build a prototype of an electronic health record
>> system.
>>
>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>> custom
>> login action is here:
>>
>>
>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/edu/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content-type=text/vnd.viewcvs-markup
>>
>> Maybe that will give you some insight... it worked last time I ran the
>> code but that was Dec 2006...
>>
>> Hope it helps
>>
>> --
>> Jeffery Painter
>> Knowledge Engineer
>> Semantic Technologies Group
>> Statistical and Quantitative Sciences
>> GlaxoSmithKline Research and Development
>>
>>
>> > I don't get that. The test is if the user is NOT null.
>> >
>> > Anyway, it does work. I took it from my SNA login code (our first
>> > Turbine project.)
>> >
>> > -----Original Message-----
>> > From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>> > [mailto:nathan.shaw-1@nasa.gov]
>> > Sent: Thursday, January 31, 2008 12:17 PM
>> > To: Turbine Users List
>> > Subject: RE: user is nulled out on login attempt
>> >
>> > I don't think that will work because that will mean that the user is
>> > null and is not logged in at all. It will actually probably be caught
>> by
>> > the SessionValidator and just take them back to the login page.
>> >
>> > I am actually checking the User object and outputting whether it is
>> null
>> > or not in the login action. I tried both getUser() and
>> > getUserFromSession() and they are both NULL every single time a login
>> is
>> > attempted. Something up the chain is clearing all of that out before
>> the
>> > login occurs.
>> >
>> > --Nathan
>> >
>> >
>> > -----Original Message-----
>> > From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>> > [mailto:bruce.altner-1@nasa.gov]
>> > Sent: Thu 1/31/2008 9:29 AM
>> > To: Turbine Users List
>> > Subject: RE: user is nulled out on login attempt
>> >
>> > How about just doing this, early in the Login action doPerform method
>> > (first thing?):
>> >
>> >
>> > if ( data.getUserFromSession() != null )
>> > {
>> > return;
>> > }
>> >
>> >
>> > Bruce
>> >
>> > -----Original Message-----
>> > From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>> > [mailto:nathan.shaw-1@nasa.gov]
>> > Sent: Thursday, January 31, 2008 8:35 AM
>> > To: user@turbine.apache.org
>> > Subject: user is nulled out on login attempt
>> >
>> >
>> > Hi all,
>> >
>> > I am writing my own login action and need to be able to check to see
>> if
>> > a user is already logged in when the action is called. If they are, I
>> > want to skip the login stuff to preserve their session. However, every
>> > single time that the login action is called, the User object is coming
>> > back NULL.
>> >
>> > Here is a code snippet. Does anyone have any idea WHY the user is
>> coming
>> > back NULL? I assume something is happening in Turbine somewhere that
>> > wipes the User on a login attempt or something?
>> >
>> >
>> > public class OutageCalLoginUser extends LoginUser {
>> >
>> > public void doPerform( RunData data, Context context) throws Exception
>> {
>> > String uname ;
>> > String passwd ;
>> >
>> > System.out.println("doPerform(data, context)");
>> > if ( data.getUserFromSession() == null ){
>> > System.out.println("user from session is null");
>> > }else{
>> > System.out.println("user from session is NOT null");
>> > }
>> >
>> > if(data.getUser() == null){
>> > System.out.println("user is null");
>> > }else{
>> > System.out.println("user is NOT null");
>> > if(data.getUser().hasLoggedIn()){
>> > System.out.println("user is logged in");
>> > }else{
>> > System.out.println("user is NOT logged in");
>> > }
>> > }
>> >
>> >
>> > if((data.getUser() == null) || (data.getUser() != null &&
>> > data.getUser().hasLoggedIn() == false)){
>> >
>> > try {
>> > SymEncDec enc = SymEncDec.getInstance();
>> >
>> > // Username/password = username/pswd coming through front
>> > door.
>> > // User coming from elsewhere will have neither username
>> > nor pswd.
>> > String username = data.getParameters().get("username");
>> > String pswd = data.getParameters().get("password");
>> >
>> > // If username exists, user came in the front door.
>> > if (username != null && username.length()>0) {
>> > uname = username;
>> > passwd = pswd;
>> > }else {
>> > uname = "guest";
>> > String encryptedPasswd =
>> > TurbineResources.getString("guest.credential");
>> > passwd = encryptedPasswd;
>> > //enc.decodeBase64Decrypt(encryptedPasswd);
>> > }
>> > // Log the user in
>> > doLogin(data, uname, passwd);
>> >
>> > try {
>> > Utils.getUserID(data);
>> > }
>> > catch (NullPointerException npe) {
>> > throw new TurbineSecurityException("Bad username or
>> > password, I say!");
>> > }
>> >
>> > }
>> > catch ( TurbineSecurityException se ) {
>> > badUserOrPassword(se, data);
>> > }
>> > catch (Exception e) {
>> > throw new PortalVelocityException(e.getMessage()=ull?":
>> > "+e.getMessage():e.getMessage(),
>> > e.getCause()=ull?e:e.getCause(), data);
>> > }
>> >
>> > }
>> > }
>> >
>> > }
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> > For additional commands, e-mail: user-help@turbine.apache.org
>> >
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> > For additional commands, e-mail: user-help@turbine.apache.org
>> >
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> For additional commands, e-mail: user-help@turbine.apache.org
>>
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
Re: user is nulled out on login attempt
Posted by Bart Selders <ba...@ibanx.nl>.
Hi,
There is a SessionService available that is able to keep track of active
HTTP sessions.
See
http://turbine.apache.org/turbine/development/turbine-2.3/apidocs/org/apache/turbine/services/session/TurbineSessionService.html
You need to configure it in your web.xml as well.
In combination with a custom SessionValidator and/or custom LoginAction
you can easily check if an user is not logged in twice.
Cheers,
Bart
Jeffery Painter wrote:
> hmm... If this is the case, then I recall this was asked/addressed a few
> years back. I would look through the archives again (looking specifically
> for detecting more than one active login) - it seems someone wrote a tool
> to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
> other old timers can remember better than I.
>
>
> --
> Jeffery Painter
>
>
>
>> Hi,
>>
>> When you say "already logged in" - do you want to check if the user is
>> logged in from another computer ? If that is the case, your user object
>> WILL
>> NOT show up in the session for the current browser.
>>
>> To implement this functionality, you will have to keep track of logged in
>> users through some separate mechanism (like say a HashSet into which you
>> add
>> any new user that logs in - first check if the user is present in the
>> HashSet, and if so direct them to a page that says they're already logged
>> in, otherwise log them in and add them to this HashSet) .
>>
>> You would also need to keep track of when a user logs out and when a
>> session
>> times out, so that you can remove the user from this HashSet when either
>> of
>> these occur. Check out the HttpSessionBindingListener interface. The
>> easiest
>> way is for your User object to implement this interface and Add / Remove
>> itself from the HashSet when the valueBound() / valueUnbound() methods are
>> called respectively.
>>
>> BK
>>
>>
>> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
>> nathan.shaw-1@nasa.gov> wrote:
>>
>>
>>> Thanks Jeffrey,
>>>
>>> The problem is not in logging a user in... the action I have is doing
>>> that
>>> just fine. The problem is when you try to detect if a user calling the
>>> login
>>> action is ALREADY logged in or not (in this case, we have guest users
>>> coming
>>> in from another site).
>>>
>>> I want to make it so if the user is already logged in, it does not log
>>> them in again. However, when I test the User returned in the doperform()
>>> method in my login action, it is always NULL. It appears that something
>>> up
>>> the chain is wiping the User object and the session.
>>>
>>> --Nathan
>>>
>>>
>>> -----Original Message-----
>>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>>> Sent: Thu 1/31/2008 1:08 PM
>>> To: Turbine Users List
>>> Subject: RE: user is nulled out on login attempt
>>>
>>>
>>> I had used Turbine to build a prototype of an electronic health record
>>> system.
>>>
>>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>>> custom
>>> login action is here:
>>>
>>>
>>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/edu/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content-type=text/vnd.viewcvs-markup
>>>
>>> Maybe that will give you some insight... it worked last time I ran the
>>> code but that was Dec 2006...
>>>
>>> Hope it helps
>>>
>>> --
>>> Jeffery Painter
>>> Knowledge Engineer
>>> Semantic Technologies Group
>>> Statistical and Quantitative Sciences
>>> GlaxoSmithKline Research and Development
>>>
>>>
>>>
>>>> I don't get that. The test is if the user is NOT null.
>>>>
>>>> Anyway, it does work. I took it from my SNA login code (our first
>>>> Turbine project.)
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 12:17 PM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> I don't think that will work because that will mean that the user is
>>>> null and is not logged in at all. It will actually probably be caught
>>>>
>>> by
>>>
>>>> the SessionValidator and just take them back to the login page.
>>>>
>>>> I am actually checking the User object and outputting whether it is
>>>>
>>> null
>>>
>>>> or not in the login action. I tried both getUser() and
>>>> getUserFromSession() and they are both NULL every single time a login
>>>>
>>> is
>>>
>>>> attempted. Something up the chain is clearing all of that out before
>>>>
>>> the
>>>
>>>> login occurs.
>>>>
>>>> --Nathan
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>>>> [mailto:bruce.altner-1@nasa.gov]
>>>> Sent: Thu 1/31/2008 9:29 AM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> How about just doing this, early in the Login action doPerform method
>>>> (first thing?):
>>>>
>>>>
>>>> if ( data.getUserFromSession() != null )
>>>> {
>>>> return;
>>>> }
>>>>
>>>>
>>>> Bruce
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 8:35 AM
>>>> To: user@turbine.apache.org
>>>> Subject: user is nulled out on login attempt
>>>>
>>>>
>>>> Hi all,
>>>>
>>>> I am writing my own login action and need to be able to check to see
>>>>
>>> if
>>>
>>>> a user is already logged in when the action is called. If they are, I
>>>> want to skip the login stuff to preserve their session. However, every
>>>> single time that the login action is called, the User object is coming
>>>> back NULL.
>>>>
>>>> Here is a code snippet. Does anyone have any idea WHY the user is
>>>>
>>> coming
>>>
>>>> back NULL? I assume something is happening in Turbine somewhere that
>>>> wipes the User on a login attempt or something?
>>>>
>>>>
>>>> public class OutageCalLoginUser extends LoginUser {
>>>>
>>>> public void doPerform( RunData data, Context context) throws Exception
>>>>
>>> {
>>>
>>>> String uname ;
>>>> String passwd ;
>>>>
>>>> System.out.println("doPerform(data, context)");
>>>> if ( data.getUserFromSession() == null ){
>>>> System.out.println("user from session is null");
>>>> }else{
>>>> System.out.println("user from session is NOT null");
>>>> }
>>>>
>>>> if(data.getUser() == null){
>>>> System.out.println("user is null");
>>>> }else{
>>>> System.out.println("user is NOT null");
>>>> if(data.getUser().hasLoggedIn()){
>>>> System.out.println("user is logged in");
>>>> }else{
>>>> System.out.println("user is NOT logged in");
>>>> }
>>>> }
>>>>
>>>>
>>>> if((data.getUser() == null) || (data.getUser() != null &&
>>>> data.getUser().hasLoggedIn() == false)){
>>>>
>>>> try {
>>>> SymEncDec enc = SymEncDec.getInstance();
>>>>
>>>> // Username/password = username/pswd coming through front
>>>> door.
>>>> // User coming from elsewhere will have neither username
>>>> nor pswd.
>>>> String username = data.getParameters().get("username");
>>>> String pswd = data.getParameters().get("password");
>>>>
>>>> // If username exists, user came in the front door.
>>>> if (username != null && username.length()>0) {
>>>> uname = username;
>>>> passwd = pswd;
>>>> }else {
>>>> uname = "guest";
>>>> String encryptedPasswd =
>>>> TurbineResources.getString("guest.credential");
>>>> passwd = encryptedPasswd;
>>>> //enc.decodeBase64Decrypt(encryptedPasswd);
>>>> }
>>>> // Log the user in
>>>> doLogin(data, uname, passwd);
>>>>
>>>> try {
>>>> Utils.getUserID(data);
>>>> }
>>>> catch (NullPointerException npe) {
>>>> throw new TurbineSecurityException("Bad username or
>>>> password, I say!");
>>>> }
>>>>
>>>> }
>>>> catch ( TurbineSecurityException se ) {
>>>> badUserOrPassword(se, data);
>>>> }
>>>> catch (Exception e) {
>>>> throw new PortalVelocityException(e.getMessage()=ull?":
>>>> "+e.getMessage():e.getMessage(),
>>>> e.getCause()=ull?e:e.getCause(), data);
>>>> }
>>>>
>>>> }
>>>> }
>>>>
>>>> }
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>
>>>
>>>
>>>
>>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
>
*************************************************************************
The information contained in this communication is confidential and is intended solely for the use of the individual or entity to whom it is addressed.You should not copy, disclose or distribute this communication without the authority of iBanx bv. iBanx bv is neither liable for the proper and complete transmission of the information has been maintained nor that the communication is free of viruses, interceptions or interference.
If you are not the intended recipient of this communication please return the communication to the sender and delete and destroy all copies.
Re: user is nulled out on login attempt
Posted by Bruce Altner <br...@nasa.gov>.
Nte:
I was looking at a clas I'd written for SNA (SNALogin.java, clever name,
huh?) which authenticated against the ACE server (token-based). Here is a
comment from that file for the javadoc:
* <p><em>Note: Turbine clears the session before calling this
* method</em></p>
I also took up your challenge when I had time this afternoon and built the
outage calendar locally and you are right...my code snippet which was
supposed to exit the method if data.getUserFromSession() != null failed to
solve the problem, so I think you are right, this happens "higher up" in the
framework.
I can't shake the memory that I solved this already (SNA) but it's not
readily apparent fom the code how I did this. Maybe I never did and only
wished that I had!
Bruce
On 1/31/08 7:24 PM, "Shaw, Nathan (HQ-LD070)[InDyne, Inc]"
<na...@nasa.gov> wrote:
> Yeah, I saw that post about tracking multiple sessions. Unfortunately, that is
> not what I want. I simply want to check if the user is logged in on the same
> machine. I am not worried about tracking multiple sessions.
>
> For some reason, when a new login attempt is made, Turbine is clearing the
> User object and session. I basically want to be able to check to see if the
> user is already logged in when they access the login action. If they are, skip
> the login, as they are already logged in. If not, try to log them in.
>
>
>
>
> -----Original Message-----
> From: Jeffery Painter [mailto:painter@kiasoft.com]
> Sent: Thu 1/31/2008 6:03 PM
> To: Turbine Users List
> Subject: Re: user is nulled out on login attempt
>
>
> hmm... If this is the case, then I recall this was asked/addressed a few
> years back. I would look through the archives again (looking specifically
> for detecting more than one active login) - it seems someone wrote a tool
> to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
> other old timers can remember better than I.
>
>
> --
> Jeffery Painter
>
>
>> Hi,
>>
>> When you say "already logged in" - do you want to check if the user is
>> logged in from another computer ? If that is the case, your user object
>> WILL
>> NOT show up in the session for the current browser.
>>
>> To implement this functionality, you will have to keep track of logged in
>> users through some separate mechanism (like say a HashSet into which you
>> add
>> any new user that logs in - first check if the user is present in the
>> HashSet, and if so direct them to a page that says they're already logged
>> in, otherwise log them in and add them to this HashSet) .
>>
>> You would also need to keep track of when a user logs out and when a
>> session
>> times out, so that you can remove the user from this HashSet when either
>> of
>> these occur. Check out the HttpSessionBindingListener interface. The
>> easiest
>> way is for your User object to implement this interface and Add / Remove
>> itself from the HashSet when the valueBound() / valueUnbound() methods are
>> called respectively.
>>
>> BK
>>
>>
>> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
>> nathan.shaw-1@nasa.gov> wrote:
>>
>>> Thanks Jeffrey,
>>>
>>> The problem is not in logging a user in... the action I have is doing
>>> that
>>> just fine. The problem is when you try to detect if a user calling the
>>> login
>>> action is ALREADY logged in or not (in this case, we have guest users
>>> coming
>>> in from another site).
>>>
>>> I want to make it so if the user is already logged in, it does not log
>>> them in again. However, when I test the User returned in the doperform()
>>> method in my login action, it is always NULL. It appears that something
>>> up
>>> the chain is wiping the User object and the session.
>>>
>>> --Nathan
>>>
>>>
>>> -----Original Message-----
>>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>>> Sent: Thu 1/31/2008 1:08 PM
>>> To: Turbine Users List
>>> Subject: RE: user is nulled out on login attempt
>>>
>>>
>>> I had used Turbine to build a prototype of an electronic health record
>>> system.
>>>
>>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>>> custom
>>> login action is here:
>>>
>>>
>>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/ed
>>> u/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content
>>> -type=text/vnd.viewcvs-markup
>>>
>>> Maybe that will give you some insight... it worked last time I ran the
>>> code but that was Dec 2006...
>>>
>>> Hope it helps
>>>
>>> --
>>> Jeffery Painter
>>> Knowledge Engineer
>>> Semantic Technologies Group
>>> Statistical and Quantitative Sciences
>>> GlaxoSmithKline Research and Development
>>>
>>>
>>>> I don't get that. The test is if the user is NOT null.
>>>>
>>>> Anyway, it does work. I took it from my SNA login code (our first
>>>> Turbine project.)
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 12:17 PM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> I don't think that will work because that will mean that the user is
>>>> null and is not logged in at all. It will actually probably be caught
>>> by
>>>> the SessionValidator and just take them back to the login page.
>>>>
>>>> I am actually checking the User object and outputting whether it is
>>> null
>>>> or not in the login action. I tried both getUser() and
>>>> getUserFromSession() and they are both NULL every single time a login
>>> is
>>>> attempted. Something up the chain is clearing all of that out before
>>> the
>>>> login occurs.
>>>>
>>>> --Nathan
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>>>> [mailto:bruce.altner-1@nasa.gov]
>>>> Sent: Thu 1/31/2008 9:29 AM
>>>> To: Turbine Users List
>>>> Subject: RE: user is nulled out on login attempt
>>>>
>>>> How about just doing this, early in the Login action doPerform method
>>>> (first thing?):
>>>>
>>>>
>>>> if ( data.getUserFromSession() != null )
>>>> {
>>>> return;
>>>> }
>>>>
>>>>
>>>> Bruce
>>>>
>>>> -----Original Message-----
>>>> From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>>>> [mailto:nathan.shaw-1@nasa.gov]
>>>> Sent: Thursday, January 31, 2008 8:35 AM
>>>> To: user@turbine.apache.org
>>>> Subject: user is nulled out on login attempt
>>>>
>>>>
>>>> Hi all,
>>>>
>>>> I am writing my own login action and need to be able to check to see
>>> if
>>>> a user is already logged in when the action is called. If they are, I
>>>> want to skip the login stuff to preserve their session. However, every
>>>> single time that the login action is called, the User object is coming
>>>> back NULL.
>>>>
>>>> Here is a code snippet. Does anyone have any idea WHY the user is
>>> coming
>>>> back NULL? I assume something is happening in Turbine somewhere that
>>>> wipes the User on a login attempt or something?
>>>>
>>>>
>>>> public class OutageCalLoginUser extends LoginUser {
>>>>
>>>> public void doPerform( RunData data, Context context) throws Exception
>>> {
>>>> String uname ;
>>>> String passwd ;
>>>>
>>>> System.out.println("doPerform(data, context)");
>>>> if ( data.getUserFromSession() == null ){
>>>> System.out.println("user from session is null");
>>>> }else{
>>>> System.out.println("user from session is NOT null");
>>>> }
>>>>
>>>> if(data.getUser() == null){
>>>> System.out.println("user is null");
>>>> }else{
>>>> System.out.println("user is NOT null");
>>>> if(data.getUser().hasLoggedIn()){
>>>> System.out.println("user is logged in");
>>>> }else{
>>>> System.out.println("user is NOT logged in");
>>>> }
>>>> }
>>>>
>>>>
>>>> if((data.getUser() == null) || (data.getUser() != null &&
>>>> data.getUser().hasLoggedIn() == false)){
>>>>
>>>> try {
>>>> SymEncDec enc = SymEncDec.getInstance();
>>>>
>>>> // Username/password = username/pswd coming through front
>>>> door.
>>>> // User coming from elsewhere will have neither username
>>>> nor pswd.
>>>> String username = data.getParameters().get("username");
>>>> String pswd = data.getParameters().get("password");
>>>>
>>>> // If username exists, user came in the front door.
>>>> if (username != null && username.length()>0) {
>>>> uname = username;
>>>> passwd = pswd;
>>>> }else {
>>>> uname = "guest";
>>>> String encryptedPasswd =
>>>> TurbineResources.getString("guest.credential");
>>>> passwd = encryptedPasswd;
>>>> //enc.decodeBase64Decrypt(encryptedPasswd);
>>>> }
>>>> // Log the user in
>>>> doLogin(data, uname, passwd);
>>>>
>>>> try {
>>>> Utils.getUserID(data);
>>>> }
>>>> catch (NullPointerException npe) {
>>>> throw new TurbineSecurityException("Bad username or
>>>> password, I say!");
>>>> }
>>>>
>>>> }
>>>> catch ( TurbineSecurityException se ) {
>>>> badUserOrPassword(se, data);
>>>> }
>>>> catch (Exception e) {
>>>> throw new PortalVelocityException(e.getMessage()=ull?":
>>>> "+e.getMessage():e.getMessage(),
>>>> e.getCause()=ull?e:e.getCause(), data);
>>>> }
>>>>
>>>> }
>>>> }
>>>>
>>>> }
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>>> For additional commands, e-mail: user-help@turbine.apache.org
>>>
>>>
>>>
>>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
RE: user is nulled out on login attempt
Posted by "Shaw, Nathan (HQ-LD070)[InDyne, Inc]" <na...@nasa.gov>.
Yeah, I saw that post about tracking multiple sessions. Unfortunately, that is not what I want. I simply want to check if the user is logged in on the same machine. I am not worried about tracking multiple sessions.
For some reason, when a new login attempt is made, Turbine is clearing the User object and session. I basically want to be able to check to see if the user is already logged in when they access the login action. If they are, skip the login, as they are already logged in. If not, try to log them in.
-----Original Message-----
From: Jeffery Painter [mailto:painter@kiasoft.com]
Sent: Thu 1/31/2008 6:03 PM
To: Turbine Users List
Subject: Re: user is nulled out on login attempt
hmm... If this is the case, then I recall this was asked/addressed a few
years back. I would look through the archives again (looking specifically
for detecting more than one active login) - it seems someone wrote a tool
to handle just that (or maybe it was in the 2.4 tree) -- maybe some of the
other old timers can remember better than I.
--
Jeffery Painter
> Hi,
>
> When you say "already logged in" - do you want to check if the user is
> logged in from another computer ? If that is the case, your user object
> WILL
> NOT show up in the session for the current browser.
>
> To implement this functionality, you will have to keep track of logged in
> users through some separate mechanism (like say a HashSet into which you
> add
> any new user that logs in - first check if the user is present in the
> HashSet, and if so direct them to a page that says they're already logged
> in, otherwise log them in and add them to this HashSet) .
>
> You would also need to keep track of when a user logs out and when a
> session
> times out, so that you can remove the user from this HashSet when either
> of
> these occur. Check out the HttpSessionBindingListener interface. The
> easiest
> way is for your User object to implement this interface and Add / Remove
> itself from the HashSet when the valueBound() / valueUnbound() methods are
> called respectively.
>
> BK
>
>
> On Feb 1, 2008 12:40 AM, Shaw, Nathan (HQ-LD070)[InDyne, Inc] <
> nathan.shaw-1@nasa.gov> wrote:
>
>> Thanks Jeffrey,
>>
>> The problem is not in logging a user in... the action I have is doing
>> that
>> just fine. The problem is when you try to detect if a user calling the
>> login
>> action is ALREADY logged in or not (in this case, we have guest users
>> coming
>> in from another site).
>>
>> I want to make it so if the user is already logged in, it does not log
>> them in again. However, when I test the User returned in the doperform()
>> method in my login action, it is always NULL. It appears that something
>> up
>> the chain is wiping the User object and the session.
>>
>> --Nathan
>>
>>
>> -----Original Message-----
>> From: Jeffery Painter [mailto:painter@kiasoft.com]
>> Sent: Thu 1/31/2008 1:08 PM
>> To: Turbine Users List
>> Subject: RE: user is nulled out on login attempt
>>
>>
>> I had used Turbine to build a prototype of an electronic health record
>> system.
>>
>> I can't remember if we were using Turbine 2.1 or 2.2 but I have my
>> custom
>> login action is here:
>>
>>
>> http://office.kiasoft.com/viewcvs/viewcvs.cgi/agrippa/WebRoot/WEB-INF/src/edu/ncsu/csc/agrippa/modules/actions/AgrippaLoginUser.java?rev=1.1.1.1&content-type=text/vnd.viewcvs-markup
>>
>> Maybe that will give you some insight... it worked last time I ran the
>> code but that was Dec 2006...
>>
>> Hope it helps
>>
>> --
>> Jeffery Painter
>> Knowledge Engineer
>> Semantic Technologies Group
>> Statistical and Quantitative Sciences
>> GlaxoSmithKline Research and Development
>>
>>
>> > I don't get that. The test is if the user is NOT null.
>> >
>> > Anyway, it does work. I took it from my SNA login code (our first
>> > Turbine project.)
>> >
>> > -----Original Message-----
>> > From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>> > [mailto:nathan.shaw-1@nasa.gov]
>> > Sent: Thursday, January 31, 2008 12:17 PM
>> > To: Turbine Users List
>> > Subject: RE: user is nulled out on login attempt
>> >
>> > I don't think that will work because that will mean that the user is
>> > null and is not logged in at all. It will actually probably be caught
>> by
>> > the SessionValidator and just take them back to the login page.
>> >
>> > I am actually checking the User object and outputting whether it is
>> null
>> > or not in the login action. I tried both getUser() and
>> > getUserFromSession() and they are both NULL every single time a login
>> is
>> > attempted. Something up the chain is clearing all of that out before
>> the
>> > login occurs.
>> >
>> > --Nathan
>> >
>> >
>> > -----Original Message-----
>> > From: Altner, Bruce (HQ-LD070)[InDyne, Inc]
>> > [mailto:bruce.altner-1@nasa.gov]
>> > Sent: Thu 1/31/2008 9:29 AM
>> > To: Turbine Users List
>> > Subject: RE: user is nulled out on login attempt
>> >
>> > How about just doing this, early in the Login action doPerform method
>> > (first thing?):
>> >
>> >
>> > if ( data.getUserFromSession() != null )
>> > {
>> > return;
>> > }
>> >
>> >
>> > Bruce
>> >
>> > -----Original Message-----
>> > From: Shaw, Nathan (HQ-LD070)[InDyne, Inc]
>> > [mailto:nathan.shaw-1@nasa.gov]
>> > Sent: Thursday, January 31, 2008 8:35 AM
>> > To: user@turbine.apache.org
>> > Subject: user is nulled out on login attempt
>> >
>> >
>> > Hi all,
>> >
>> > I am writing my own login action and need to be able to check to see
>> if
>> > a user is already logged in when the action is called. If they are, I
>> > want to skip the login stuff to preserve their session. However, every
>> > single time that the login action is called, the User object is coming
>> > back NULL.
>> >
>> > Here is a code snippet. Does anyone have any idea WHY the user is
>> coming
>> > back NULL? I assume something is happening in Turbine somewhere that
>> > wipes the User on a login attempt or something?
>> >
>> >
>> > public class OutageCalLoginUser extends LoginUser {
>> >
>> > public void doPerform( RunData data, Context context) throws Exception
>> {
>> > String uname ;
>> > String passwd ;
>> >
>> > System.out.println("doPerform(data, context)");
>> > if ( data.getUserFromSession() == null ){
>> > System.out.println("user from session is null");
>> > }else{
>> > System.out.println("user from session is NOT null");
>> > }
>> >
>> > if(data.getUser() == null){
>> > System.out.println("user is null");
>> > }else{
>> > System.out.println("user is NOT null");
>> > if(data.getUser().hasLoggedIn()){
>> > System.out.println("user is logged in");
>> > }else{
>> > System.out.println("user is NOT logged in");
>> > }
>> > }
>> >
>> >
>> > if((data.getUser() == null) || (data.getUser() != null &&
>> > data.getUser().hasLoggedIn() == false)){
>> >
>> > try {
>> > SymEncDec enc = SymEncDec.getInstance();
>> >
>> > // Username/password = username/pswd coming through front
>> > door.
>> > // User coming from elsewhere will have neither username
>> > nor pswd.
>> > String username = data.getParameters().get("username");
>> > String pswd = data.getParameters().get("password");
>> >
>> > // If username exists, user came in the front door.
>> > if (username != null && username.length()>0) {
>> > uname = username;
>> > passwd = pswd;
>> > }else {
>> > uname = "guest";
>> > String encryptedPasswd =
>> > TurbineResources.getString("guest.credential");
>> > passwd = encryptedPasswd;
>> > //enc.decodeBase64Decrypt(encryptedPasswd);
>> > }
>> > // Log the user in
>> > doLogin(data, uname, passwd);
>> >
>> > try {
>> > Utils.getUserID(data);
>> > }
>> > catch (NullPointerException npe) {
>> > throw new TurbineSecurityException("Bad username or
>> > password, I say!");
>> > }
>> >
>> > }
>> > catch ( TurbineSecurityException se ) {
>> > badUserOrPassword(se, data);
>> > }
>> > catch (Exception e) {
>> > throw new PortalVelocityException(e.getMessage()=ull?":
>> > "+e.getMessage():e.getMessage(),
>> > e.getCause()=ull?e:e.getCause(), data);
>> > }
>> >
>> > }
>> > }
>> >
>> > }
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> > For additional commands, e-mail: user-help@turbine.apache.org
>> >
>> >
>> >
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> > For additional commands, e-mail: user-help@turbine.apache.org
>> >
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
>> For additional commands, e-mail: user-help@turbine.apache.org
>>
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org