sso(my app) 1stuser login and logout 2nd user login it show Connected users:1st login userinfo

Hi Norbert,


Thanks for u r help.
i have implemetner SSO as bellow following

public class MyuserSSO implements SSO { // you must implement met.jforum.sso.SSO

static final Logger logger = Logger.getLogger(MyuserSSO.class.getName()); // init logging
private String username=null;

private Connection conn;
public String authenticateUser(RequestContext request) { // required method


HttpServletRequest req=(HttpServletRequest)request;
HttpSession session =req.getSession();
username=session.getAttribute("email").toString();


net.jforum.entities.User user=null ;

String mysession=session.getAttribute("auto-login").toString();
System.out.println("mysession-->"+mysession);
if(mysession!=null){
session.removeAttribute("auto-login");

String users=null;
DataSourceConnection dsc =null;
try{
dsc = new DataSourceConnection(); // my apps database
dsc.init();
conn = (Connection) dsc.getConnection();
DAOManager managerDAO =new DAOManager();

managerDAO.getUserDAO(conn);
user = managerDAO.getUserByName(username);

username=user.getUsername();


}catch(Exception e){
e.printStackTrace();
}
finally{
try{
dsc.releaseConnection(conn);
}catch(Exception e){}
}


session.setAttribute("password", user.getPassword()); // set correct password
session.setAttribute("email", user.getUsername()); // and email address (my username)
Cookie cookie = new Cookie("JforumSSO", user.getUsername());
cookie.setMaxAge(60*60*1);
cookie.setPath("/");
JForumExecutionContext.getResponse().addCookie(cookie);


if (user == null ) {
logger.warn("***DISABLED_ATTEMPT on Forum: "+user.getUsername()); // log disabled attempt.
return null;
}else{
return username;
}

}else{
return null;
}

}

public boolean isSessionValid(UserSession userSession, RequestContext request) {
String remoteUser = null;
Cookie SSOCookie = ControllerUtils.getCookie("JforumSSO");
if (SSOCookie != null) remoteUser = SSOCookie.getValue(); // jforum username

// user has since logged out
if(remoteUser == null &&
userSession.getUserId() != SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;

// user has since logged in
} else if(remoteUser != null &&
userSession.getUserId() == SystemGlobals.getIntValue(ConfigKeys.ANONYMOUS_USER_ID)) {
return false;

// user has changed user
} else if(remoteUser != null && !remoteUser.equals(userSession.getUsername())) {
return false;
}
return true; // myapp user and forum user the same
}


}


Can u Please tell where i need to modify

Note : i am not interesting to store in cookies is any alternative solutions .
[originally posted on jforum.net by gopal.g]

Hi

I have implemented SSO for Single Sign On for my application login.
it working fine. The problem is when a user login to my application and he done some operation on form and he logout using my application logout fueature, and again 2 user login and he went forum link it showes
"Connected users:1st login userinfo "


any body help please .


Thanks,
Gopal.G
[originally posted on jforum.net by gopal.g]

Hi,

I think I had a similar problem recently. Do you have cookies enabled?
When your application loggs out you need to delete the JForumSSO Cookie which is used in the example code of how to implement SSO.

The method isSessionValid checks for the cookie which is still alive.
I actually could not delete it. I guess the userSession of JForum wrote it again.

I couldn't find a way to delete the userSession when logging out of my application.

I finally just used the regular HTTPSession to check the user from my application with the user in the JForum userSession. That way a user who disabled cookies has no problems.

Hope that helps.

@ everyone else: I'm still interested in how to delete the userSession. I tried to use the JForum API but I always got an Exception.

Norbert
[originally posted on jforum.net by TheSmile]

Well,

your code still looks like the sample SSO implementation.
Here's what I did:

public String authenticateUser(RequestContext request) { ... // get current session SessionContext session = JForumExecutionContext.getRequest().getSessionContext(); // is websiteuser set if (session.getAttribute("loginName") != null) { // get current websiteuser from session (my app) String userName = session.getAttribute("loginName").toString(); try { user = new WebSiteUser(userName, AREA_ID, WebSiteUser.CONFIRMED_VERSION); // get user form my app logger.info("authenticateUser: User '" + userName + "' authenticated via WebSiteUser."); } catch (SQLException e) { logger.error("SQL Exception", e); return null; } catch (UserNotFoundException e) { logger.error("UserNotFoundException", e); return null; } catch (ReadOnlyFieldException e) { logger.error("ReadOnlyFieldException", e); return null; } } else { logger.info("AuthenticateUser: No WebSiteUser found in session!"); return null; // no websiteuser found in session } // set session vars for jForum session.setAttribute("email", user.getFieldValue("email") ); // email /* * some check, if my user is forum admin ... */ return user.getUserName(); } public boolean isSessionValid(UserSession userSession, RequestContext request) { // check if user is in session if (request.getSessionContext().getAttribute("loginName") != null) { // get username from session String userName = request.getSessionContext().getAttribute("loginName").toString(); // check, if user of session is equal to forum userSession if (userSession.getUsername() != null && userSession.getUsername().equals(userName)) { logger.info("Session is valid with user '" + userName +"'."); return true; } } else { logger.info("Session is NOT valid, calling athenticate User ..."); } return false; }

Norbert
[originally posted on jforum.net by TheSmile]

Thanks Norbert

I have done with r u help.
[originally posted on jforum.net by gopal.g]

Hi Norbert,

Can you plz guid how to implement Logout for SSO.



I have implemented as
SessionContext session2 = JForumExecutionContext.getRequest).getSessionContext();
session2.invalidate();
in my logout.java But this is not for working any sample code plz.



Thank you,
Gopal.G




[originally posted on jforum.net by gopal.g]