Hi ROb, Thank you very much for sharing your solution. Please see my comments inline.
--- On Fri, 10/8/10, Roberto Rossi <[email protected]> wrote: > From: Roberto Rossi <[email protected]> > Subject: Re: auto login after user registration > To: "Jetspeed Users List" <[email protected]> > Date: Friday, October 8, 2010, 10:37 AM > Thank you Wonsan for your reply. > > But even if I implement a servlet like > o.a.j.login.LoginProxyServlet I > need always to autenticate the user to the Tomcat realm > passing > j_username and j_password variables, don't? You're right. So if you want to use ajax invocations to authenticate, those multiple redirection/posting will not happen automatically. However, it would be good enough just to redirect to a servlet like loginProxy from the server-side portlet code because the browser will handle the redirection headers. > I studied the login portlet and in one the login steps > there is a submit > (in the onLoad javascript event of the page) that POSTs > these two > variables to the action > <jetspeed>/login/j_security_check . > > At the moment I used an AJAX, all client side, approach. > After successful user registration (also this step in an > AJAX style) I > created a chain of POSTs/GETs to simulate the user > interaction for all > login steps. > For those that know jQuery ajax() function this is the > chain (in > Velocity/Javascript code): > > > > > ## AJAX - POST > verso /.../login/proxy , parametri: > org.apache.jetspeed.login.username=<username>&org.apache.jetspeed.login.password=<password> > > $.ajax({ > > > url: '/<jetspeed_dir>/login/proxy', > > > type: 'POST', > > > data: {"org.apache.jetspeed.login.username": > username, > "org.apache.jetspeed.login.password": password}, > > > error: function() {}, > > > success: function(data) { > > > ## AJAX - GET verso > /ys/login/redirector > > > $.ajax({ > > > url: > '/<jetspeed_dir>/login/redirector', > > > type: > 'GET', > > > data: > {}, > > > error: > function() {}, > > > success: > function(data) { > > > > ## AJAX - POST verso > /.../login/j_security_check , > parametri: > j_username=<username>&j_password=<password> > > > > $.ajax({ > > > > url: > '/<jetspeed_dir>/login/j_security_check', > > > > type: 'POST', > > > > data: {"j_username": > username, "j_password": password}, > > > > error: function() {}, > > > > success: function(data) { > > > > ## AJAX > - GET verso /.../login/redirector > > > > $.ajax({ > > > > > url: > '/<jetspeed_dir>/login/redirector', > > > > > type: 'GET', > > > > > data: {}, > > > > > error: function() {}, > > > > > success: function(data) { > > > > > /* last redirect */ > > > > > document.location.href > = '<go where you want!>'; > > > > > } > > > > > }); > > > > } > > > > }); > > > } > > > }); > > > } > > > }); > > The code is a bit confused but the story is this: > After user registration we POST to > <jetspeed_dir>/login/proxy with the > user credentials in the form > org.apache.jetspeed.login.username=username > and org.apache.jetspeed.login.password=password , > If the POST response is ok, then we GET to > <jetspeed_dir>/login/redirector with no data, > After this, we POST again to > <jetspeed_dir>/login/j_security_check with > j_username and j_password variables (this step is the same > of the > standard form auto submission made by LoginPortlet) > and as a last step we GET again to > <jetspeed_dir>/login/redirector with > no data. > > This long request chain let me login the user, with all > cookies and > session variables correctly set, and I can redirect him > anywhere in my > portal. Nice! Thank you very much for sharing your experience. I think this would be really helpful to somebodies. > > Obviously all the credentials are sent in plain text. Ah, yes. That's the only caveat. However, couldn't you use POST instead of GET? Then it can leverage SSL in some environments. Kind regards, Woonsan > > Hope this can help someone. > > ROb > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
