Posted to jetspeed-dev@portals.apache.org by James Liao <ji...@gmail.com> on 2005/08/01 07:55:11 UTC

About Portal web application Single Sign On

All,
I have a common scenario here:
1. User visits URL: http://localhost:8080/jetspeed/
2. User logs in as admin and leaves the browser there.
3. Then the user opens another browser on the same box and visits the same
URL as above.
4. What should the user see? I want him to see that he is already signed in.

Note: These two browsers must not share the same session.

Does it make sense?

I would like to know how I should implement this with Jetspeed 2. I
have tried Tomcat SSO and configured a SingleSignOn Valve (I did see the
cookie generated), but it didn't seem to work.

My Tomcat version is 5.0.30.

Any help would be appreciated!

- James Liao

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Re: About Portal web application Single Sign On

Posted by James Liao <ji...@gmail.com>.
Hi all,
Since it is hard to implement the isUserInRole() method in a filter and
Pluto depends on it, I gave up on the second solution. I have moved to
the first one.
Any suggestions?

- James Liao

On 8/25/05, James Liao <ji...@gmail.com> wrote:
> Hi all,
> I still have a question about the Portal web app SSO.
> I did some investigation into web browser SSO. If you open two IE
> browsers corresponding to two server-side sessions, the only thing you
> can share is the cookie. So I plan to add a cookie-checking function
> in J2. Once I find the cookie, I authenticate the current session by
> cookie. There are two ways to achieve it:
> 
> 1. Add a Tomcat valve like the Tomcat bundled Single Sign On Valve.
> 
> 2. Add a standard filter before the Jetspeed servlet filter. Create a
> custom HttpServletRequestWrapper class to wrap the original
> HttpServletRequest object, because I need to setUserPrincipal() and
> setAuthType() and override the original getUserPrincipal() and
> getAuthType() methods. I will also handle the switch-user issue in this
> filter. Then I would like to call chain.doFilter() with my new
> HttpServletRequestWrapper object, which encapsulates the original one.
> 
> I prefer the second solution. Although I'm only overriding the
> getUserPrincipal() and getAuthType() methods, I'm still wondering
> whether there is any side effect on J2, since the HttpServletRequest object
> is not the original one.
> 
> Any help would be appreciated!
> 
> Regards,
> 
> - James Liao
> 


Re: About Portal web application Single Sign On

Posted by James Liao <ji...@gmail.com>.
Hi all,
I still have a question about the Portal web app SSO.
I did some investigation into web browser SSO. If you open two IE
browsers corresponding to two server-side sessions, the only thing you
can share is the cookie. So I plan to add a cookie-checking function
in J2. Once I find the cookie, I authenticate the current session by
cookie. There are two ways to achieve it:

1. Add a Tomcat valve like the Tomcat bundled Single Sign On Valve.

2. Add a standard filter before the Jetspeed servlet filter. Create a
custom HttpServletRequestWrapper class to wrap the original
HttpServletRequest object, because I need to setUserPrincipal() and
setAuthType() and override the original getUserPrincipal() and
getAuthType() methods. I will also handle the switch-user issue in this
filter. Then I would like to call chain.doFilter() with my new
HttpServletRequestWrapper object, which encapsulates the original one.

I prefer the second solution. Although I'm only overriding the
getUserPrincipal() and getAuthType() methods, I'm still wondering
whether there is any side effect on J2, since the HttpServletRequest object
is not the original one.

Any help would be appreciated!

Regards,

- James Liao
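
The filter-and-wrapper approach from the message above, sketched as an added example that is not part of the original thread and is not Jetspeed or Tomcat code. It also overrides isUserInRole(), the method the follow-up message reports Pluto depends on, and it accepts the shared cookie only when a server-side HMAC over its fields verifies. The class name, cookie name, cookie layout, "hmacKey" init-param and the choice to carry roles in the signed cookie are all assumptions, and the code assumes Java 8+ with the javax.servlet API.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: a hypothetical filter, not Jetspeed or Tomcat code.
// Assumed cookie value: user|role1+role2|expiryMillis|base64url(HMAC-SHA256 of the first three fields)
public class SsoCookieFilter implements Filter {
    static final String COOKIE = "PORTAL_SSO";   // assumed cookie name
    private byte[] key;                           // server-side secret, never sent to the browser
    public void init(FilterConfig cfg) {          // "hmacKey" is an assumed init-param; missing key fails startup
        key = cfg.getInitParameter("hmacKey").getBytes(StandardCharsets.UTF_8);
    }
    public void destroy() {}
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String[] f = req.getUserPrincipal() == null ? verify(req.getCookies()) : null;
        if (f == null) { chain.doFilter(rq, rs); return; }   // no valid token: normal login flow stays in charge
        final String user = f[0];
        final Set<String> roles = new HashSet<>(Arrays.asList(f[1].split("\\+")));
        final Principal principal = () -> user;
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public String getRemoteUser() { return user; }
            @Override public String getAuthType() { return "SSO_COOKIE"; }
            @Override public boolean isUserInRole(String r) { return roles.contains(r); }
        }, rs);
    }
    // Returns the cookie fields only if the MAC matches and the token has not expired.
    String[] verify(Cookie[] cookies) throws ServletException {
        for (Cookie c : cookies == null ? new Cookie[0] : cookies) {
            if (!COOKIE.equals(c.getName()) || c.getValue() == null) continue;
            String[] f = c.getValue().split("\\|");
            if (f.length != 4) return null;
            try {
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(key, "HmacSHA256"));
                byte[] want = mac.doFinal((f[0] + "|" + f[1] + "|" + f[2]).getBytes(StandardCharsets.UTF_8));
                boolean ok = MessageDigest.isEqual(want, Base64.getUrlDecoder().decode(f[3]));
                return ok && Long.parseLong(f[2]) > System.currentTimeMillis() ? f : null;
            } catch (IllegalArgumentException e) { return null;   // malformed base64 or expiry
            } catch (GeneralSecurityException e) { throw new ServletException(e); }
        }
        return null;
    }
}
```

Declarative security constraints in web.xml are enforced by the container before any filter runs, so they never see the wrapped principal; only code that calls the request methods does. A cookie holding just a user name with no MAC would let any client claim any identity, which is why the signature and expiry check come before the wrapper is built.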

On 8/1/05, James Liao <ji...@gmail.com> wrote:
> Ate,
> Thanks for response.
> Yes, in filefox there is only one browser process in client box. I
> think I will create a J2 Valve to handler the cookie created by
> myself.
> 
> - James Liao
> 
> On 8/1/05, Ate Douma <at...@douma.nu> wrote:
> > James Liao wrote:
> > > All,
> > > I have a common scenario here:
> > > 1. User visit url: http://localhost:8080/jetspeed/
> > > 2. User login as admin and leave the browser there.
> > > 3. Then user open another browser nn the same box and visit the same
> > > url as above.
> > > 4. What user should see? I want him to see he is already sign-in.
> > >
> > > Note: These two browsers must not share the same session.
> > It depends on the browser!
> > Mozilla/Firebird will reuse the same session as session state (.e.g. cookies) is
> > shared between the browser windows.
> > IE will *not* reuse the same session.
> > Other browsers may behave differently again ...
> >
> >
> > >
> > > Does it make sense?
> > >
> > > I would like to know how should I implement this with jetspeed2? I
> > > have try tomcat sso and config a SingleSignOn Valve(I did see the
> > > cookie generated), but it seems didn't work.
> > >
> > > My tomcat version is 5.0.30.
> > >
> > > Any help would be appreciated!
> > >
> > > - James Liao
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Re: About Portal web application Single Sign On

Posted by James Liao <ji...@gmail.com>.
Ate,
Thanks for the response.
Yes, in Firefox there is only one browser process on the client box. I
think I will create a J2 Valve to handle the cookie created by
myself.

- James Liao

On 8/1/05, Ate Douma <at...@douma.nu> wrote:
> James Liao wrote:
> > All,
> > I have a common scenario here:
> > 1. User visits URL: http://localhost:8080/jetspeed/
> > 2. User logs in as admin and leaves the browser there.
> > 3. Then the user opens another browser on the same box and visits the same
> > URL as above.
> > 4. What should the user see? I want him to see that he is already signed in.
> >
> > Note: These two browsers must not share the same session.
> It depends on the browser!
> Mozilla/Firebird will reuse the same session as session state (e.g. cookies) is
> shared between the browser windows.
> IE will *not* reuse the same session.
> Other browsers may behave differently again ...


AW: About Portal web application Single Sign On

Posted by Sven Thiergen <s....@itcampus.de>.
James Liao wrote:
> > All,
> > I have a common scenario here:
> > 1. User visits URL: http://localhost:8080/jetspeed/
> > 2. User logs in as admin and leaves the browser there.
> > 3. Then the user opens another browser on the same box and visits the same
> > URL as above.
> > 4. What should the user see? I want him to see that he is already signed in.
> >
> > Note: These two browsers must not share the same session.

Ate Douma wrote:
> It depends on the browser!
> Mozilla/Firebird will reuse the same session as session state (e.g. cookies)
> is shared between the browser windows.
> IE will *not* reuse the same session.
I think it *depends*.
If you have a session running in IE and open another window with Ctrl+N, the
new window shares its session with the old window. Same applies to windows
opened via JavaScript. If you open a new window via double-click on your
desktop's iexplorer icon you get a true new session.




Re: About Portal web application Single Sign On

Posted by Ate Douma <at...@douma.nu>.
James Liao wrote:
> All,
> I have a common scenario here:
> 1. User visits URL: http://localhost:8080/jetspeed/
> 2. User logs in as admin and leaves the browser there.
> 3. Then the user opens another browser on the same box and visits the same
> URL as above.
> 4. What should the user see? I want him to see that he is already signed in.
> 
> Note: These two browsers must not share the same session.
It depends on the browser!
Mozilla/Firebird will reuse the same session as session state (e.g. cookies) is
shared between the browser windows.
IE will *not* reuse the same session.
Other browsers may behave differently again ...

