18. Jun 2008, 15:48 CET
Hi,
I am using JOSSO for single sign-on for my applications. Two applications are Struts-based, and the one I am developing is a Seam-based application.
I had to remove Seam-based security from the application, and I am authenticating based on the SSO session ID and keeping loggedInUser in the session in authenticator.authenticate.
When I log out, I want to remove session-based data in the application. I am using the following code. Could anybody tell me if I am doing things right? I appreciate your help in advance.
Code to authenticate the user:

    public String authenticate()
    {
        // Look for the SSO session ID set on the request by the JOSSO agent
        HttpServletRequest request = (HttpServletRequest) facesContext.getExternalContext().getRequest();
        SSOUser ssoUser = (SSOUser) request.getUserPrincipal();
        String ssoSessionId = (String) request.getAttribute("org.josso.agent.ssoSessionid");
        if (ssoSessionId != null && ssoUser != null)
        {
            try {
                // Bind the SSO user name as a query parameter instead of
                // concatenating it into the JPQL string
                User user = (User) em.createQuery("select u from User u where u.userName = :userName")
                        .setParameter("userName", ssoUser.getName())
                        .getSingleResult();
                if (user != null) {
                    log.info("user #0 found in context", user.getUserName());
                    // Keep the application user in the session context
                    Contexts.getSessionContext().set("loggedInUser", user);
                    return "";
                }
            } catch (javax.persistence.NoResultException nre) {
                // The SSO user has no matching application account
                facesMessages.add("Invalid login information. Please try again");
                return "login";
            }
        }
        return "login";
    }

Logging out the user:

    public String logout() {
        Session.getInstance().invalidate();
        // why this is always printed as true ??
        System.out.println(Contexts.isSessionContextActive());
        return "logout";
    }
Why are you not leveraging Seam security? You just need to implement a custom authenticate method that runs your custom authentication routine. If you don't do so, you lose a lot of useful features as described here: Seam security
Here's a guideline for Windows SSO with Seam security integration: Windows SSO With Seam
It is very similar to what you are trying to accomplish; just ignore the NTLM auth code and replace it with your JOSSO-specific auth code. NTLM auth and JOSSO auth fulfill the same goal anyway.
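The approach the reply describes, as an added example (not code from the thread, the linked guides, or the Seam project): a Seam 2.0-style authenticator that trusts the JOSSO principal on the request, binds the user name as a query parameter, and logs out through Identity. The User entity, the request attribute name and the "loggedInUser" key come from the question; the component name, the components.xml registration shown in the comment, and calling identity.login() from a page action to trigger authenticate() are assumptions.

```java
import java.security.Principal;
import javax.faces.context.FacesContext;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.servlet.http.HttpServletRequest;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.Identity;

// Assumed registration in components.xml:
//   <security:identity authenticate-method="#{authenticator.authenticate}"/>
@Name("authenticator")
public class Authenticator {
    @In private EntityManager em;
    @In private FacesContext facesContext;
    @In private Identity identity;

    // Invoked by Seam security when identity.login() runs (assumed to be
    // called from a page action, since SSO has no login form to submit).
    public boolean authenticate() {
        HttpServletRequest request =
            (HttpServletRequest) facesContext.getExternalContext().getRequest();
        Principal ssoUser = request.getUserPrincipal();
        Object ssoSessionId = request.getAttribute("org.josso.agent.ssoSessionid");
        if (ssoUser == null || ssoSessionId == null) {
            return false; // no SSO session on this request: stay logged out
        }
        try {
            // User is the application's own entity, as in the question.
            User user = (User) em.createQuery(
                    "select u from User u where u.userName = :userName")
                .setParameter("userName", ssoUser.getName()) // bound, not concatenated
                .getSingleResult();
            identity.setUsername(user.getUserName());
            Contexts.getSessionContext().set("loggedInUser", user);
            return true;
        } catch (NoResultException e) {
            return false; // SSO user has no application account
        }
    }

    public String logout() {
        // Clears the authenticated identity and invalidates the HTTP session,
        // which discards "loggedInUser" and all other session-scoped state.
        identity.logout();
        return "logout";
    }
}
```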