sso for turbine apps!

[rh...@telerama.com]

I just wrote a really cool infrastructure for sso that I will be using to
provide sso for jetspeed and two other turbine applications that I have
written.   I will release it to the jetspeed and turbine community.  I
only need one question to be answered.
Given that I have a HttpSession of a authenticated user in a turbine app,
how can I get the TurbineUser or User object from the session.  
I know that I can do it from the RunData object, but I am in a filter, and
that object is not available to me.

Thanks!

In case you are wondering, it's a set of servlets and filters that get the
cookie value and ask for sso server (a servlet in the authoritative
container) if the session is valid.  If the servlet answers, it will be in
an xml format that the filter will parse and create a new session in that
container.

In this way, two turbine apps in different jvms, on different hosts can
have SSO.  IT works for beyond turbine also, I have the various options
parameterized in the web.xml, so we can do sso between oracle portal, or
whatever.

The only requirement is that the applications are in same domain.
test.x.com and test2.x.com will work.






--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: sso for turbine apps!

["Dan K." <da...@YorkU.CA>]

Hi,

I'm very much interested in your cool infrastructure for sso...I'm staying
tuned.  And in the meantime I believe I have your answer.. :)

In DefaultTurbineRunData.java, the save() method is what saves the user
object to the session:

    /**
     * Saves a user object into the session.
     */
    public void save()
    {
        session.putValue(User.SESSION_KEY, (Object) user );
    }


And here's the definition for User.SESSION_KEY:

    /** The session key for the User object. */
    public static final String SESSION_KEY = "turbine.user";

So if you can access the session, retrieve the user object with that key.

Regards,
Dan


On Thu, 26 Sep 2002 rhodespc@telerama.com wrote:

> I just wrote a really cool infrastructure for sso that I will be using to
> provide sso for jetspeed and two other turbine applications that I have
> written.   I will release it to the jetspeed and turbine community.  I
> only need one question to be answered.
> Given that I have a HttpSession of a authenticated user in a turbine app,
> how can I get the TurbineUser or User object from the session.
> I know that I can do it from the RunData object, but I am in a filter, and
> that object is not available to me.
>
> Thanks!
>
> In case you are wondering, it's a set of servlets and filters that get the
> cookie value and ask for sso server (a servlet in the authoritative
> container) if the session is valid.  If the servlet answers, it will be in
> an xml format that the filter will parse and create a new session in that
> container.
>
> In this way, two turbine apps in different jvms, on different hosts can
> have SSO.  IT works for beyond turbine also, I have the various options
> parameterized in the web.xml, so we can do sso between oracle portal, or
> whatever.
>
> The only requirement is that the applications are in same domain.
> test.x.com and test2.x.com will work.
>
>
>
>
>
>
> --
> To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>