Sorry again, but I still have a problem ..
I implemented the Authentication in this way:
public void doFilter (ServletRequest request,
ServletResponse response,
FilterChain chain) {
[..]
HttpSession session = hrequest.getSession();
if (session.getAttribute("user") != null) { // already logged
userA = (UserAccount) session.getAttribute("user");
hrequest.setAttribute("userAccount", userA);
chain.doFilter(request, response);
} else {
UserService userService = UserServiceFactory.getUserService();
User loggedUser = userService.getCurrentUser();
if (userService.isUserLoggedIn() && loggedUser != null) {
userA = userAB.retrieveUser(loggedUser);
hrequest.setAttribute("userAccount", userA);
session.setAttribute("user", userA);
chain.doFilter(request, response);
} else { // no one is logged
String continuePath = "";
String uri = hrequest.getRequestURI();
if (uri != null && !uri.isEmpty() && !uri.equals("/")) {
continuePath = "?continue=" + uri;
}
hres.sendRedirect(filterConfig.getInitParameter("redirectPath")+
continuePath);
}
}
and the logout with this function:
userService.createLogoutURL(request.getRequestURI())
.. but I have the problem that, even if the user push the "logout"
button, the UserService still see the attribute "user" in the session;
so it seems it is logged ..
Why am I doing wrong?
Thank you
Miguel
On Nov 1, 8:03 pm, Miguel <[email protected]> wrote:
> Yes thank you again Jose,
> probably there was a misunderstanding in my last post: I was thinking
> about the session in my web-app (Google App Engine) and not in OpenID
> providers!
>
> Thanks
> Michele
>
> On Oct 31, 11:47 am, Jose Montes de Oca <[email protected]>
> wrote:
>
>
>
>
>
>
>
> > Hi Miguel,
>
> > I do not think you will be able to implement a solution relying on session
> > from OpenID Providers. OpenId is just an authentication mechanism, You only
> > Handle your own users sessions within you application and App Engine makes
> > it easy to with the users API.
>
> > If you would like a session mechanism that would log out and will also
> > logout of the from the Identity provider, you can use App Engine users API
> > but for just Google Accounts (Not choosing Federation Login),
> > IIRC when using the users API for only Google Accounts it would also sign
> > out the users from their google accounts.
>
> > Hope this Helps!
>
> > Jose Montes de Oca
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
