Thanks Woonsan, I understood the reason of not able to get the values in my valve. Thanks to David and Ron too.
Woonsan Ko wrote: > > Hi Srini, > > It is not possible to read username/password form data in a valve because > the login form submission is handled by a dedicated JAAS form login > servlet (/login/login) configured in /jetspeed/WEB-INF/web.xml. > The j2-admin login portlet submits the login form to /login/proxy servlet, > which redirects to /login/redirector servlet to trigger security check of > the servlet container as configured for JAAS Form-based authentication in > web.xml. These login related servlets are independent from Jetspeed > pipelines/valves. > The login related servlets (o.a.j.login.LoginServlet, > LoginRedirectorServlet, ...) communicates with the browser multiple times > and so those store the login form data in session temporarily. Of course, > after login process, the temporary data is removed. > So, one simple solution could be override the default Jetspeed login > servlet(s) to catch the form data for other uses. However, it could be > dangerous, it's up to you to do that with careful security consideration. > For example, if you store the data in http session, then you could read > the data in your custom valve later and remove those after doing something > necessary. > > HTH, > > Woonsan > > > --- On Mon, 11/22/10, SriniPitta <[email protected]> wrote: > >> From: SriniPitta <[email protected]> >> Subject: Re: session listener not working >> To: [email protected] >> Date: Monday, November 22, 2010, 8:41 PM >> >> Thanks for your reply Ron. With reference to my previous >> post >> dated(18/11/2010 11:23 AM), my requirement is used to store >> the logged-in >> user details in a common shared database such that other >> php+perl based >> application running in different server can use loggedin >> user credentials >> from shared database. >> >> As you referred, i can get the username after the login. >> But as per my >> requirement not all users logging into jetspeed portal are >> registered inside >> portal. This is reason, when user logins using jetspeed >> default login >> portlet (j2admin::LoginPortlet) i want to use valve which >> can identify if >> the user is registered in portal or not and if NOT, i >> wanted to create the >> user inside my valve and when jetspeed login valve >> validates it will find >> the user i created. This is one of the reason i >> wanted to have my valve >> called first before the jetspeed-login valve is called. >> >> The issue i have now is, i could not get the username from >> Requextcontext >> inside my valve that user enters on j2admin::loginportlet. >> Please be >> informed that its not my login portlet. I am using >> j2admin::loginportlet. I >> would like to get username and password that user enters >> while login such >> that i can check in my valve before the jetspeed login >> valve is called. >> >> Please do let me know if i am not clear. >> >> Thanks, >> Srini. >> >> >> ronatartifact wrote: >> > >> > Why do you need the password? >> > If you do really need the password, can you not get >> that when you set up >> > the account and store it in a safe place and get it >> later. >> > >> > You have the username after the login. >> > >> > Ron >> > >> > >> > On 22/11/2010 11:21 AM, SriniPitta wrote: >> >> Sure, even if i allow the jetspeed's login to go >> first, my valve does not >> >> read the username and password from request >> context. How can i read the >> >> username and password values from request context >> in my valve? >> >> >> >> Thanks. >> >> Srini. >> >> >> >> ronatartifact wrote: >> >>> Why not let Jetspeed's login go first and then >> decide what to do if they >> >>> get pass or do not pass. >> >>> >> >>> Ron >> >>> >> >>> On 22/11/2010 10:18 AM, SriniPitta wrote: >> >>>> Ron, >> >>>> >> >>>> I have added my own valve to the >> jetspeed-pipeline inside the file >> >>>> 'jetspeed/WEB-INF/assembly/pipelines.xml'. >> My valve is being invoked >> >>>> however, i am unable to read the username >> and password using the >> >>>> RequestContext. Secondly, how can i >> configure so that my valve is >> >>>> invoked >> >>>> first before any other valves in >> jetspeed-pipeline. My valve is being >> >>>> invoked after login. >> >>>> >> >>>> MyValve code snippet: >> >>>> ======================== >> >>>> public class MyLoginValidationValveImpl >> extends AbstractValve >> >>>> implements >> >>>> Valve{ >> >>>> >> >>>> ..... >> >>>> public void invoke(RequestContext request, >> ValveContext context) >> >>>> >> throws PipelineException { >> >>>> >> >>>> String un = >> >>>> >> request.getRequest().getParameter(LoginConstants.USERNAME)); >> >>>> // >> >>>> does not get username >> >>>> >> request.getRequestParameter(LoginConstants.USERNAME)); // >> does not get >> >>>> username >> >>>> } >> >>>> =============================== >> >>>> >> >>>> Existing entries in pipelines.xml: >> >>>> ==================== >> >>>> <bean id='pipeline-map' >> class='java.util.HashMap'> >> >>>> <meta >> key="j2:cat" value="default" /> >> >>>> >> <constructor-arg> >> >>>> >> <map> >> >>>> >> <entry key='/portlet'> >> >>>> >> <value>portlet-pipeline</value> >> >>>> >> </entry> >> >>>> >> <entry key='/portal'> >> >>>> >> <value>jetspeed-pipeline</value> >> >>>> >> </entry> >> >>>> >> <entry key='/ajaxapi'> >> >>>> >> <value>ajax-pipeline</value> >> >>>> >> </entry> >> >>>> >> <entry key='/login'> >> >>>> >> <value>jetspeed-pipeline</value> >> >>>> >> </entry> .............. >> >>>> ============================= >> >>>> >> >>>> I added my valve 'MyLoginValidationValve' >> to jetspeed-pipeline in below >> >>>> : >> >>>> >> >>>> ============================== >> >>>> <bean id="jetspeed-pipeline" >> >>>> >> class="org.apache.jetspeed.pipeline.JetspeedPipeline" >> >>>> init-method="initialize"> >> >>>> <meta >> key="j2:cat" value="default" /> >> >>>> >> <constructor-arg> >> >>>> >> <value>JetspeedPipeline</value> >> >>>> >> </constructor-arg> >> >>>> >> <constructor-arg> >> >>>> >> <list> >> >>>> >> <ref bean="MyLoginValidationValve" >> /> >> >>>> >> <ref bean="capabilityValve" /> >> >>>> >> <ref bean="portalURLValve" /> >> >>>> >> <ref bean="securityValve" /> >> >>>> >> <ref bean="localizationValve" /> >> >>>> >> <ref bean="passwordCredentialValve" >> /> >> >>>> >> <ref bean="loginValidationValve" /> >> >>>> >> <ref bean="profilerValve" /> >> >>>> >> <ref bean="refreshUserHomepageValve" >> /> ........... >> >>>> ======================================== >> >>>> >> >>>> Thanks for your time. >> >>>> >> >>>> Srini. >> >>>> >> >>>> >> >>>> ronatartifact wrote: >> >>>>> I little more of the puzzle is >> revealed. >> >>>>> >> >>>>> Have you looked at the description of >> the valve in the processing >> >>>>> pipeline. >> >>>>> You can probably add your own valve to >> the login pipeline to capture >> >>>>> login. >> >>>>> >> >>>>> You are probably going to have to >> implement a timout or watchdog >> >>>>> process >> >>>>> that cleans up your database after >> users just leave without logging >> >>>>> out. >> >>>>> >> >>>>> Ron >> >>>>> >> >>>>> >> >>>>> On 18/11/2010 11:23 AM, SriniPitta >> wrote: >> >>>>>> I agree but I cannot put the >> user's information in HTTP session as my >> >>>>>> requirement is to store the >> jetspeed user logged in information in a >> >>>>>> common >> >>>>>> shared database such that another >> php+perl based application running >> >>>>>> in >> >>>>>> a >> >>>>>> different apache server can know >> about the user login by seeing the >> >>>>>> new >> >>>>>> entry in the database and will use >> this information for rendering a >> >>>>>> page >> >>>>>> in >> >>>>>> php based application. >> >>>>>> >> >>>>>> Thanks, >> >>>>>> Srini. >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> ronatartifact wrote: >> >>>>>>> Have you considered putting >> the data in the HTTP Session data >> >>>>>>> structure >> >>>>>>> that is held while the user is >> logged in. >> >>>>>>> >> >>>>>>> This data is only available to >> portlets serving that user but you >> >>>>>>> can >> >>>>>>> store whatever you want there >> for the duration of the session. >> >>>>>>> >> >>>>>>> It is faster and easier to >> access since it does not require database >> >>>>>>> access. >> >>>>>>> >> >>>>>>> You might get better advice if >> you described a bit more about why >> >>>>>>> you >> >>>>>>> want to store transitory >> info. >> >>>>>>> >> >>>>>>> >> >>>>>>> Ron >> >>>>>>> >> >>>>>>> >> >>>>>>> On 18/11/2010 10:54 AM, >> SriniPitta wrote: >> >>>>>>>> ====================== >> >>>>>>>> Can you not use the >> logging done by Jetspeed already? >> >>>>>>>> ======================== >> >>>>>>>> Thanks for your reply. I >> see that "USER_ACTIVITY" table has the >> >>>>>>>> entry >> >>>>>>>> for >> >>>>>>>> each login-success and >> login-failure. However, I would like to >> >>>>>>>> delete >> >>>>>>>> the >> >>>>>>>> user logged in information >> from the table upon user logging out. I >> >>>>>>>> do >> >>>>>>>> not >> >>>>>>>> want to mess up or delete >> the entries from Jetspeed's database as >> >>>>>>>> iam >> >>>>>>>> pretty >> >>>>>>>> sure that my requirement >> will be extended. Thanks for your time. >> >>>>>>>> >> >>>>>>>> Regards, >> >>>>>>>> Srini. >> >>>>>>>> >> >>>>>>>> >> >>>>>>>> ronatartifact wrote: >> >>>>>>>>> On 17/11/2010 6:06 PM, >> SriniPitta wrote: >> >>>>>>>>>> Hi, >> >>>>>>>>>> >> >>>>>>>>>> I would like to >> insert a new entry in database capturing the >> >>>>>>>>>> session >> >>>>>>>>>> and >> >>>>>>>>>> user details upon >> each time the user login into portal and logout >> >>>>>>>>>> the >> >>>>>>>>>> portal. >> >>>>>>>>>> >> >>>>>>>>>> I have written a >> listener class and extended HttpSessionListener >> >>>>>>>>>> and >> >>>>>>>>>> overrided >> sessionCreated() and sessionDestroyed() methods and >> >>>>>>>>>> added >> >>>>>>>>>> below >> >>>>>>>>>> entry in my >> web.xml. But it does not invoke my listener during >> >>>>>>>>>> user >> >>>>>>>>>> login >> >>>>>>>>>> or >> >>>>>>>>>> logout. Can you >> please let me know the correct way of >> >>>>>>>>>> implementing. >> >>>>>>>>>> >> >>>>>>>>>> >> <listener> >> >>>>>>>>>> >> <listener-class>com.mycompany.MyHttpSessionListener</listener-class> >> >>>>>>>>>> </listener> >> >>>>>>>>>> >> >>>>>>>>>> Thanks for your >> time. >> >>>>>>>>>> >> >>>>>>>>>> Regards, >> >>>>>>>>>> Srini. >> >>>>>>>>> Can you not use the >> logging done by Jetspeed already? >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> --------------------------------------------------------------------- >> >>>>>>>>> To unsubscribe, >> e-mail: >> >>>>>>>>> [email protected] >> >>>>>>>>> For additional >> commands, e-mail: >> >>>>>>>>> [email protected] >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>>>> >> >>>>>>> >> --------------------------------------------------------------------- >> >>>>>>> To unsubscribe, e-mail: >> [email protected] >> >>>>>>> For additional commands, >> e-mail: >> >>>>>>> [email protected] >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>> >> --------------------------------------------------------------------- >> >>>>> To unsubscribe, e-mail: >> [email protected] >> >>>>> For additional commands, e-mail: >> [email protected] >> >>>>> >> >>>>> >> >>>>> >> >>> >> >>> >> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: [email protected] >> >>> For additional commands, e-mail: >> [email protected] >> >>> >> >>> >> >>> >> > >> > >> > >> --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [email protected] >> > For additional commands, e-mail: [email protected] >> > >> > >> > >> >> -- >> View this message in context: >> http://old.nabble.com/session-listener-not-working-tp30239157p30281899.html >> Sent from the Jetspeed - User mailing list archive at >> Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- View this message in context: http://old.nabble.com/session-listener-not-working-tp30239157p30285301.html Sent from the Jetspeed - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
