Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSO class not being called all the time?

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys

I have SSO working. I have defined my class in SystemGlobals.properties like sso.implementation = net.jforum.sso.MySSOClass, which takes the username (passed as a querystring in the link to the forum from my app) and checks my application database to see if this user exists, if they are banned, expired etc..

So I can log into my app, go to the forum, make posts and the username is carried across. When my SSO class is called, I have some debug output displaying the username.

The problem is, when I log out of my app (and forum) and then log back in as a different user, my SSO class isn't being called again. I cannot see the debug output the second time. So the user is "Anonymous".

I have tried setting security.cache.enabled = false in SystemGlobals.properties, but this does not fix my problem.

Could anyone point me where I am going wrong or what I should be doing?

Thanks in advance
[originally posted on jforum.net by snowman999]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is two methods that you need to implement.

One that logs the user in, one that checks if he's authenticated (and doesnt need to relog back in)

It seems like in your case the second method might be failing and still returns that the user is logged on?
[originally posted on jforum.net by Sid]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To expand on Sid's answer... the isSessionValid method is called with every request. It needs to check a bunch of different possible conditions. E.g., sso user doesn't match current user, etc. For an example of all the conditions, look at the isSessionValid code here:

http://www.jforum.net/posts/list/15/4414.page#18206


[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dudes, thanks for pointing me the right way, I was able to do what I needed by amending the isSessionValid method as you suggested. Thanks so much
[originally posted on jforum.net by snowman999]
 
And then we all jump out and yell "surprise! we got you this tiny ad!"
We need your help - Coderanch server fundraiser
https://coderanch.com/t/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic