You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@turbine.apache.org by Weffen Cheung <we...@gmail.com> on 2012/01/11 11:19:55 UTC
TorqueUser synchronization problem
Hello,
I have used turbine as my products for a few years, but i am not familiar with TorqueUser. When I modify some user data directly with jdbc, I found that the data in data.getUser() is still the old data, it cannot synchronize automatically.
For example, I update user's email by this way:
Connection conn = Torque.getConnection();
conn.createStatement().executeUpdate("UPDATE turbine_user SET email='foo@foo.com WHERE huiyuan_id='1234'");
But I found that the user(1234)'s email did not change until he logins again.
I have to reload the TorqueUser in SessionValidator all the time. I think it is not a good solution. Is it there any good solution for that?
configuration of my app as the following:
services.SecurityService.user.class=com.supermodel.turbine.security.CmwUser
services.SecurityService.group.class = org.apache.turbine.services.security.torque.TorqueGroup
services.SecurityService.permission.class = org.apache.turbine.services.security.torque.TorquePermission
services.SecurityService.role.class = org.apache.turbine.services.security.torque.TorqueRole
and the CmwUser is the following:
public class CmwUser extends TorqueUser {
private static final long serialVersionUID = 1L;
public CmwUser() {
super();
}
public CmwUser(Persistent obj) {
super(obj);
}
public void reload() throws NoRowsException, TooManyRowsException,
TorqueException {
if (obj != null) {
obj = HuiyuanPeer.retrieveByPK(((Huiyuan) obj).getHuiyuanId());
}
}
}
--
Weffen Cheung
E: weffen@gmail.com
M: 13802222618
RE: TorqueUser synchronization problem
Posted by Sheldon Ross <ro...@hotmail.com>.
Lol not sure what that if statement is doing now that I look at the code. I think that was put it in before the 2 statements before it.
That's what you get for exposing your hacky code to the world.
> From: ross_sheldon@hotmail.com
> To: user@turbine.apache.org
> Subject: RE: TorqueUser synchronization problem
> Date: Thu, 12 Jan 2012 15:11:07 +0000
>
>
> You'll have issues updating other user's records using TurbineSecurity.saveUser(user) or any other method for that matter. This is because if the other user happens to be logged in when you update his user, it will be overwritten when that user logs out.
>
> When someone logs out, the session invalidation automatically saves the user in order to update last logged in time. This will overwrite changes made via a different user.
>
> In order to get around this, we actually update TurbineSecurity (Turbine 2.3) and made the save on session unbind look like this.
>
> public static void saveOnSessionUnbind(User user)
> throws UnknownEntityException, DataBackendException
> {
> //Get a fresh copy in case user was updated during session
> User fresh = getUser(user.getName());
> fresh.setHasLoggedIn(user.hasLoggedIn());
> fresh.setLastLogin(user.getLastLogin());
> if(fresh != null) getService().saveOnSessionUnbind(fresh);
> }
>
> Makes sure a fresh copy of user data is pulled in before saving, so it doesn't overwrite a password/email update on logout.
>
>
> > From: weffen@gmail.com
> > Date: Thu, 12 Jan 2012 03:42:43 +0800
> > Subject: Re: TorqueUser synchronization problem
> > To: user@turbine.apache.org
> >
> > Hello,
> >
> > I think the problem could not be solved yet because userB's TorqueUser
> > instance is session record, which is cached and should not
> > synchronized automatically even if userA modifys his record in
> > database.
> >
> > Am I right?
> >
> > Regards
> >
> > Weffen
> >
> > 在 2012-1-12,3:37,Thomas Vandahl <tv...@apache.org> 写道:
> >
> > > On 11.01.12 20:04, Weffen Cheung wrote:
> > >> Sometimes I update a user record not only after the user login. For example, I want to update userB's record when userA login. For this case, we cannot use data.getUser().save(), is it right?
> > >
> > > Well, there is TurbineSecurity.getUser(userName) which gives you any
> > > user from your backend. The clean solution would be to use
> > > TurbineSecurity.saveUser(user) then to make your modifications persistent.
> > >
> > > The only remaining question would be what userB is going to say if userA
> > > modifies his email address, IOW a permission issue.
> > >
> > > Bye, Thomas.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> > > For additional commands, e-mail: user-help@turbine.apache.org
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> > For additional commands, e-mail: user-help@turbine.apache.org
> >
>
RE: TorqueUser synchronization problem
Posted by Sheldon Ross <ro...@hotmail.com>.
Not that rare, our employees(customer service) routinely update accounts for people.
Our "Turbine" deployment is 7(8?) years old now. It's been sliced and diced and probably doesn't even look like Turbine any more. We really only use the core services anymore.
We have customized everything for account maintenance. The conversation just reminded me of when we made our account update section years ago. I just remember spending quite a bit a time tracking down why changes were getting reverted when we updated peoples email addresses for them. So really the only thing the save on session unbind does for us now is tell us when the last time they were on was. Could probably clean it up and just update the object directly. Oh well, tangental to the original discussion.
Sheldon
> Date: Thu, 12 Jan 2012 19:13:19 +0100
> From: tv@apache.org
> To: user@turbine.apache.org
> Subject: Re: TorqueUser synchronization problem
>
> On 12.01.12 16:11, Sheldon Ross wrote:
> > In order to get around this, we actually update TurbineSecurity (Turbine 2.3) and made the save on session unbind look like this.
>
> IMO it's probably easier to modify the
> SecurityService.saveOnSessionUnbind() method as this is meant to be
> pluggable in Turbine.
>
> > public static void saveOnSessionUnbind(User user)
> > throws UnknownEntityException, DataBackendException
> > {
> > //Get a fresh copy in case user was updated during session
> > User fresh = getUser(user.getName());
> > fresh.setHasLoggedIn(user.hasLoggedIn());
> > fresh.setLastLogin(user.getLastLogin());
> > if(fresh != null) getService().saveOnSessionUnbind(fresh);
> > }
> >
> > Makes sure a fresh copy of user data is pulled in before saving, so it doesn't overwrite a password/email update on logout.
>
> ... but throws away all modifications the user may have done himself.
> Especially those in PermStorage which we for example use for preferences
> storage. Do you want this?
>
> A clean solution to handle this correctly needs to cover all conflict
> situations and probably has to use some sort of locking within the
> database. Although all of this is absolutely possible, it's a lot of
> effort for a (IMO) rare use case.
>
> Bye, Thomas.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
Re: TorqueUser synchronization problem
Posted by Thomas Vandahl <tv...@apache.org>.
On 12.01.12 16:11, Sheldon Ross wrote:
> In order to get around this, we actually update TurbineSecurity (Turbine 2.3) and made the save on session unbind look like this.
IMO it's probably easier to modify the
SecurityService.saveOnSessionUnbind() method as this is meant to be
pluggable in Turbine.
> public static void saveOnSessionUnbind(User user)
> throws UnknownEntityException, DataBackendException
> {
> //Get a fresh copy in case user was updated during session
> User fresh = getUser(user.getName());
> fresh.setHasLoggedIn(user.hasLoggedIn());
> fresh.setLastLogin(user.getLastLogin());
> if(fresh != null) getService().saveOnSessionUnbind(fresh);
> }
>
> Makes sure a fresh copy of user data is pulled in before saving, so it doesn't overwrite a password/email update on logout.
... but throws away all modifications the user may have done himself.
Especially those in PermStorage which we for example use for preferences
storage. Do you want this?
A clean solution to handle this correctly needs to cover all conflict
situations and probably has to use some sort of locking within the
database. Although all of this is absolutely possible, it's a lot of
effort for a (IMO) rare use case.
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
RE: TorqueUser synchronization problem
Posted by Sheldon Ross <ro...@hotmail.com>.
You'll have issues updating other user's records using TurbineSecurity.saveUser(user) or any other method for that matter. This is because if the other user happens to be logged in when you update his user, it will be overwritten when that user logs out.
When someone logs out, the session invalidation automatically saves the user in order to update last logged in time. This will overwrite changes made via a different user.
In order to get around this, we actually update TurbineSecurity (Turbine 2.3) and made the save on session unbind look like this.
public static void saveOnSessionUnbind(User user)
throws UnknownEntityException, DataBackendException
{
//Get a fresh copy in case user was updated during session
User fresh = getUser(user.getName());
fresh.setHasLoggedIn(user.hasLoggedIn());
fresh.setLastLogin(user.getLastLogin());
if(fresh != null) getService().saveOnSessionUnbind(fresh);
}
Makes sure a fresh copy of user data is pulled in before saving, so it doesn't overwrite a password/email update on logout.
> From: weffen@gmail.com
> Date: Thu, 12 Jan 2012 03:42:43 +0800
> Subject: Re: TorqueUser synchronization problem
> To: user@turbine.apache.org
>
> Hello,
>
> I think the problem could not be solved yet because userB's TorqueUser
> instance is session record, which is cached and should not
> synchronized automatically even if userA modifys his record in
> database.
>
> Am I right?
>
> Regards
>
> Weffen
>
> 在 2012-1-12,3:37,Thomas Vandahl <tv...@apache.org> 写道:
>
> > On 11.01.12 20:04, Weffen Cheung wrote:
> >> Sometimes I update a user record not only after the user login. For example, I want to update userB's record when userA login. For this case, we cannot use data.getUser().save(), is it right?
> >
> > Well, there is TurbineSecurity.getUser(userName) which gives you any
> > user from your backend. The clean solution would be to use
> > TurbineSecurity.saveUser(user) then to make your modifications persistent.
> >
> > The only remaining question would be what userB is going to say if userA
> > modifies his email address, IOW a permission issue.
> >
> > Bye, Thomas.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> > For additional commands, e-mail: user-help@turbine.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
Re: TorqueUser synchronization problem
Posted by Thomas Vandahl <tv...@apache.org>.
On 12.01.12 18:47, Thomas Vandahl wrote:
> Yes you are. And then you have the sessionUnbind issue as pointed out by
> Sheldon. But still there is help. You may use the SessionService (you'll
> need to add the SessionListener to your application) to get access to
> your active sessions like in TurbineSession.getSessionsForUser(user) and
> then update the user object in those sessions.
One more addition: You should not replace the user objects in the
sessions you get as the user might have modified settings in his
PermStorage or TempStorage. You rather apply the modifications to the
user objects and let them save themselves.
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
Re: TorqueUser synchronization problem
Posted by Thomas Vandahl <tv...@apache.org>.
On 11.01.12 20:42, Will Cheung wrote:
> I think the problem could not be solved yet because userB's TorqueUser
> instance is session record, which is cached and should not
> synchronized automatically even if userA modifys his record in
> database.
>
> Am I right?
Yes you are. And then you have the sessionUnbind issue as pointed out by
Sheldon. But still there is help. You may use the SessionService (you'll
need to add the SessionListener to your application) to get access to
your active sessions like in TurbineSession.getSessionsForUser(user) and
then update the user object in those sessions.
However I'm still not sure about the use case. Are you absolutely sure
that you want to modify user settings of other users?
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
Re: TorqueUser synchronization problem
Posted by Will Cheung <we...@gmail.com>.
Hello,
I think the problem could not be solved yet because userB's TorqueUser
instance is session record, which is cached and should not
synchronized automatically even if userA modifys his record in
database.
Am I right?
Regards
Weffen
在 2012-1-12,3:37,Thomas Vandahl <tv...@apache.org> 写道:
> On 11.01.12 20:04, Weffen Cheung wrote:
>> Sometimes I update a user record not only after the user login. For example, I want to update userB's record when userA login. For this case, we cannot use data.getUser().save(), is it right?
>
> Well, there is TurbineSecurity.getUser(userName) which gives you any
> user from your backend. The clean solution would be to use
> TurbineSecurity.saveUser(user) then to make your modifications persistent.
>
> The only remaining question would be what userB is going to say if userA
> modifies his email address, IOW a permission issue.
>
> Bye, Thomas.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
Re: TorqueUser synchronization problem
Posted by Thomas Vandahl <tv...@apache.org>.
On 11.01.12 20:04, Weffen Cheung wrote:
> Sometimes I update a user record not only after the user login. For example, I want to update userB's record when userA login. For this case, we cannot use data.getUser().save(), is it right?
Well, there is TurbineSecurity.getUser(userName) which gives you any
user from your backend. The clean solution would be to use
TurbineSecurity.saveUser(user) then to make your modifications persistent.
The only remaining question would be what userB is going to say if userA
modifies his email address, IOW a permission issue.
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org
Re: TorqueUser synchronization problem
Posted by Weffen Cheung <we...@gmail.com>.
Hello Thomas,
Thanks for your reply.
Sometimes I update a user record not only after the user login. For example, I want to update userB's record when userA login. For this case, we cannot use data.getUser().save(), is it right?
Thanks!
Weffen
在 2012-1-12,上午2:58, Thomas Vandahl 写道:
> Hi,
>
> On 11.01.12 11:19, Weffen Cheung wrote:
>> I have used turbine as my products for a few years, but i am not familiar with TorqueUser. When I modify some user data directly with jdbc, I found that the data in data.getUser() is still the old data, it cannot synchronize automatically.
>>
>> For example, I update user's email by this way:
>>
>> Connection conn = Torque.getConnection();
>> conn.createStatement().executeUpdate("UPDATE turbine_user SET email='foo@foo.com WHERE huiyuan_id='1234'");
>>
>> But I found that the user(1234)'s email did not change until he logins again.
>> I have to reload the TorqueUser in SessionValidator all the time. I think it is not a good solution. Is it there any good solution for that?
>
> You can use data.getUser().setEmail("foo@foo.com") followed by a
> data.getUser().save(). Is there any special reason for the separate
> UPDATE statement?
>
> Bye, Thomas.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
> For additional commands, e-mail: user-help@turbine.apache.org
>
--
Weffen Cheung
E: weffen@gmail.com
M: 13802222618
Re: TorqueUser synchronization problem
Posted by Thomas Vandahl <tv...@apache.org>.
Hi,
On 11.01.12 11:19, Weffen Cheung wrote:
> I have used turbine as my products for a few years, but i am not familiar with TorqueUser. When I modify some user data directly with jdbc, I found that the data in data.getUser() is still the old data, it cannot synchronize automatically.
>
> For example, I update user's email by this way:
>
> Connection conn = Torque.getConnection();
> conn.createStatement().executeUpdate("UPDATE turbine_user SET email='foo@foo.com WHERE huiyuan_id='1234'");
>
> But I found that the user(1234)'s email did not change until he logins again.
> I have to reload the TorqueUser in SessionValidator all the time. I think it is not a good solution. Is it there any good solution for that?
You can use data.getUser().setEmail("foo@foo.com") followed by a
data.getUser().save(). Is there any special reason for the separate
UPDATE statement?
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@turbine.apache.org
For additional commands, e-mail: user-help@turbine.apache.org