Hi,
ok,
here is my liitle LoginAction
/**
* Log in.
*/
public class MyLoginUser extends LoginUser
{
private static Log log = LogFactory.getLog(MyLoginUser.class);
private void logout(RunData data, String message) throws
UnknownEntityException
{
Configuration conf = Turbine.getConfiguration();
// Set Error Message and clean out the user.
data.setMessage(message);
data.setUser(TurbineSecurity.getAnonymousUser());
String loginTemplate =
conf.getString(TurbineConstants.TEMPLATE_LOGIN);
if (StringUtils.isNotEmpty(loginTemplate))
{
// We're running in a templating solution
data.setScreenTemplate(loginTemplate);
}
else
{
data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN));
}
}
/*
* (non-Javadoc)
* @see
org.apache.turbine.modules.Action#doPerform(org.apache.turbine.util.RunData)
*/
public void doPerform(RunData data) throws TurbineSecurityException
{
String username = data.getParameters().getString(CGI_USERNAME, "");
String password = data.getParameters().getString(CGI_PASSWORD, "");
if (StringUtils.isEmpty(username)) { return; }
try
{
synchronized (this.getClass())
{
// Authenticate the user and get the object.
User user =
TurbineSecurity.getAuthenticatedUser(username, password);
if(user == null) log.error("User retrieved from
TurbineSecurity is null");
Iterator activeSessions =
TurbineSession.getActiveSessions().iterator();
while (activeSessions.hasNext())
{
HttpSession sess = (HttpSession) activeSessions.next();
User au = TurbineSession.getUserFromSession(sess);
if(au == null) log.error("User retrieved from
Session is null");
if (au != null && user != null)
{
if (au.getId() == user.getId())
{
sess.invalidate();
}
}
}
// Store the user object.
data.setUser(user);
// Mark the user as being logged in.
user.setHasLoggedIn(Boolean.TRUE);
// Set the last_login date in the database.
user.updateLastLogin();
// This only happens if the user is valid; otherwise, we
// will get a valueBound in the User object when we don't
// want to because the username is not set yet. Save the
// User object into the session.
data.save();
/*
* If the setPage("template.vm") method has not
* been used in the template to authenticate the
* user (usually Login.vm), then the user will
* be forwarded to the template that is specified
* by the "template.home" property as listed in
* TR.props for the webapp.
*/
}
}
catch (Exception e)
{
Configuration conf = Turbine.getConfiguration();
log.error("Major Error Logging the User in", e);
logout(data, conf.getString(TurbineConstants.LOGIN_ERROR, ""));
}
}
}
kind regards
Juergen Hoffmann
Shane Beasley schrieb:
Jürgen Hoffmann wrote:
So the question really is, how do you update the user? Through
RunData.getUser().set...()?
For better or worse, I learned Turbine/Torque by reading code from
another project by another developer. It operated directly upon the
TurbineUser object by means of the following method:
public static TurbineUser getTurbineUser(RunData data) {
return
(TurbineUser)((TorqueUser)(data.getUser())).getPersistentObj();
}
Based on my experience, I get the feeling that there's something
better, but I don't know what that is, so I've stuck with the status quo.
How do other people do this sort of thing? I can imagine using
RunData.getUser().getPerm/setPerm instead, although our current design
allows us to use foreign keys to build relationships between
TurbineUser and other tables/objects, whereas I don't think
getPerm/setPerm would do the same.
as you see, the object in the db will always be overwritten with the
user that is stored inside the session.
Yep, that's what's happening. Your sample code comes from the
LogoutUser action, which defers to TurbineSecurity.saveUser, which
defers to TurbineSecurityService.saveUser, which defers to
TorqueUserManager.store. As a consequence of that, I can also provide
my own user manager that does something different for
TorqueUserManager.store (e.g. make *that* a no-op), except I don't
know what else will break if I do that. :)
I have implemented something, that only allowed one user to be logged
in at a given time. If another user logs the second time, the first
user is logged out automatically. If you are interested I can
provide the source.
Actually, I would like to see that code, if it's not a bother...
Thanks again!
Shane
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
!EXCUBATOR:1,451ac01b53078519116451!
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
