portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Liao <jian.l...@gmail.com>
Subject Re: About Portal web application Single Sign On
Date Thu, 25 Aug 2005 09:23:06 GMT
Hi all,
I still have a question for the Portal web app SSO. 
I do some investigation for the Web browser SSO. If you open two IE
browsers corresponding to two server side sessions, the only thing you
can share is the cookie. So I plan to add an cookie checking funcation
in J2. Once I find the cookie, I authenticated the current session by
cookie. There are two ways to achieve it:

1. Add a tomcat valve like the tomcat bundled Single Sign On Valve.

2. Add a standard filter before jetspeed servlet filter. Create an
customer HttpServletRequestWrapper class to wrap the original
HttpServletRequest object, because I need to setUserPrincipal() and
setAuthType() and override the original getUserPrincipal() and
getAuthType() method.I will also handle the switch user issue in this
filter. Then I would like to call the chain.doFilter() with my new
HttpServletRequestWrapper object which encapsulated the original one.

I prefer to the second solution. Although I'm only override
getUserPrincipal() and get AuthType() method, but I'm still wondering
if is there any side-effect to J2, since the HttpServletRequest object
is not the original one.

Any help would be appreciated!

Regards,

- James Liao

On 8/1/05, James Liao <jian.liao@gmail.com> wrote:
> Ate,
> Thanks for response.
> Yes, in filefox there is only one browser process in client box. I
> think I will create a J2 Valve to handler the cookie created by
> myself.
> 
> - James Liao
> 
> On 8/1/05, Ate Douma <ate@douma.nu> wrote:
> > James Liao wrote:
> > > All,
> > > I have a common scenario here:
> > > 1. User visit url: http://localhost:8080/jetspeed/
> > > 2. User login as admin and leave the browser there.
> > > 3. Then user open another browser nn the same box and visit the same
> > > url as above.
> > > 4. What user should see? I want him to see he is already sign-in.
> > >
> > > Note: These two browsers must not share the same session.
> > It depends on the browser!
> > Mozilla/Firebird will reuse the same session as session state (.e.g. cookies) is
> > shared between the browser windows.
> > IE will *not* reuse the same session.
> > Other browsers may behave differently again ...
> >
> >
> > >
> > > Does it make sense?
> > >
> > > I would like to know how should I implement this with jetspeed2? I
> > > have try tomcat sso and config a SingleSignOn Valve(I did see the
> > > cookie generated), but it seems didn't work.
> > >
> > > My tomcat version is 5.0.30.
> > >
> > > Any help would be appreciated!
> > >
> > > - James Liao
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> > >
> > >
> > >
> > >
> > >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >
> >
>

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message