Hi Chris, Well, I guess you could replace it with one line:
return (data.getUser().hasLoggedIn() || super.isAuthorized(data)); Or consider not extending SecureScreen from your Index screen class (maybe if a user isn't logged in they can view the screen) and handle more in your template rather than the screen class? But if it works, elegance is secondary ;) David -----Original Message----- From: Chris Joelly [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 7:30 AM To: Turbine Users List Subject: Re: preventing users from logging in twice to turbine app Hello David! i thought that the user is already logged in when i do a super.doPerform(data) in my LoginUser class (which is inherited from turbines LoginUser) where the user actually logges in, but as i looked further i saw that the ACL for that user has not been set. and the isAuthorized method in SecureScreen checks for a ACL. in my case it then redirects me back to Login.vm even though the user was already logged in... so i override the isAuthorized method of my screen class to bypass this issue ... protected boolean isAuthorized( RunData data ) throws Exception { boolean isAuthorized; if (data.getUser().hasLoggedIn()) { isAuthorized = true; } else { isAuthorized = super.isAuthorized(data); } return isAuthorized; } maybe there's a more elegant way to handle this? thx, Chris Am Thu, Apr 22, 2004 at 06:56:13AM -0700, David Demner meinte: > > Does your com.comp.portal.modules.screens.Index class extend SecureScreen > from the TDK? If so, maybe this is causing the problem? In this, if the > user isn't logged (or part of the proper group) the user is redirected back > to Login.vm. If you didn't start with the tdk but you still extend > VelocitySecureAction, check your isAuthorized anyway to make sure it isn't > doing anything unexpected. -- mit freundlichen Gr��en / with kind regards Ing. Christian J�lly @ Solutions unycom Information Technology Services GmbH A-8042 Graz | Schmiedlstra�e 1 / III Tel: ++43 (0)316 / 818 828 - 30 Fax: ++43 (0)316 / 818 828 - 38 [EMAIL PROTECTED] http://www.unycom.com [Toplevel-Domain DDR?] Die Topleveldomain lautete .DD. Allerdings war diese nur reserviert und es gab NIE einen aktiven Nameserver f�r .DD oder irgendwelche Eintr�ge f�r .DD. -- Heiko Schlichting in de.admin.misc --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
