
Logout-Problems in the Activiti Explorer

b_schnarr
Champ in-the-making
I succeeded in implementing an SSO login based on an IBM LTPA2 token. For this, I implemented a method
public LoggedInUser authenticate(HttpServletRequest request, HttpServletResponse response)
in DefaultLoginHandler.java which gives back a LoggedInUser. The login is not the problem.

The problem is the logout. When I click on the logout button, the page reloads and I simply land on the default page as the same LoggedInUser, even though I deleted the LTPA2 token from the browser cookies.

In the ExplorerApp, you check the LoggedInUser before executing the authenticate-methods:


  public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
    // Set current application object as thread-local to make it easy accessible
    current.set(this);
   
    // Authentication: check if user is found, otherwise send to login page
    LoggedInUser user = (LoggedInUser) getUser();
    if (user == null) {
      // First, try automatic login
      user = loginHandler.authenticate(request, response);
      if(user == null) {
        if (mainWindow != null && !mainWindow.isShowingLoginPage()) {
          viewManager.showLoginPage();
        }
      } else {
        setUser(user);
      }
    }

    if(user != null) {
      Authentication.setAuthenticatedUserId(user.getId());
      if (mainWindow != null && mainWindow.isShowingLoginPage()) {
        viewManager.showDefaultPage();
      }
    }
   
    // Callback to the login handler
    loginHandler.onRequestStart(request, response);
  }


I found out that after I click on logout, the
LoggedInUser user = (LoggedInUser) getUser();
is not null which means that the authenticate-methods get skipped and this will be executed:


    if(user != null) {
      Authentication.setAuthenticatedUserId(user.getId());
      if (mainWindow != null && mainWindow.isShowingLoginPage()) {
        viewManager.showDefaultPage();
      }
    }

That leads to the problem that I end up on the same page as before, still as a logged-in user.

I have no idea why. In my understanding, the following happens when the logout button is clicked:

1.)  ExplorerApp.close() gets executed
2.) Within that, getLoginHandler().logout(theUser) gets executed
3.) Logout is finished, page gets reloaded and you end up in the ExplorerApp onRequestStart method, where the authenticate-Methods are.

I use the defaultLoginHandler.onRequestStart to delete the LTPA2 token when the logout button is pressed. This works well.
But to summarize: I click on logout and I am still logged in as the same user because
LoggedInUser user = (LoggedInUser) getUser();
is not null.

Here are my code snippets:

DefaultLoginHandler.onRequestStart


public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
      if(logout){
       Cookie[] cookies = request.getCookies();
       if(cookies != null){
          for (Cookie cookie : cookies){
             if(cookie.getName().equals("LtpaToken2")){
               Cookie newCookie = new Cookie("LtpaToken2", cookie.getValue());
               newCookie.setPath("/");
               newCookie.setMaxAge(0);
               newCookie.setDomain("****");
               response.addCookie(newCookie);
             }
          }
       }
       logout = false;
      }
   }


DefaultLoginHandler.logout:


   public void logout(LoggedInUser userToLogout) {
      // Clear activiti authentication context
      Authentication.setAuthenticatedUserId(null);
      logout = true;
   }


ExplorerApp.close

  public void close() {
    final LoggedInUser theUser = getLoggedInUser();
   
    // Clear the logged in user
    setUser(null);
   
    // Call loginhandler
    getLoginHandler().logout(theUser);
   
    invalidatedSession = false;
    super.close();
  }


ExplorerApp.onRequestStart:


public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
    // Set current application object as thread-local to make it easy accessible
    current.set(this);  
   
    if(loginHandler.getLogoutStatus()){
       setUser(null);
    }
   
    // Authentication: check if user is found, otherwise send to login page
    LoggedInUser user = (LoggedInUser) getUser();
   
   //Delete LTPA2-Token when Logout
    loginHandler.onRequestStart(request, response);
   
    if (user == null) {
       System.out.println("User ist null, Login procedure");
      // First, try automatic login
     //LTPA2-SSO-Login
      user = loginHandler.authenticate(request, response);
      if(user == null) {
        if (mainWindow != null && !mainWindow.isShowingLoginPage()) {
          viewManager.showLoginPage();
        }
      } else {
        setUser(user);
      }
    }
   
    if(user != null) {
      Authentication.setAuthenticatedUserId(user.getId());
      if (mainWindow != null && mainWindow.isShowingLoginPage()) {
        viewManager.showDefaultPage();
      }
    }
   
    // Callback to the login handler
    //loginHandler.onRequestStart(request, response);
  }



Does anyone have an idea? Even though I do


    if(loginHandler.getLogoutStatus()){
       setUser(null);
    }


the loggedInUser is not null, and therefore the authenticate methods get skipped.
Help is highly appreciated.

Best regards
Ben
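
Added example, not part of the original post or of Activiti Explorer: expiring LtpaToken2 in the response does not remove it from the request being processed, so an automatic login run on that same request still sees the token. The helper below (class name, method name and parameters are assumptions; it uses only the standard javax.servlet API) expires the cookie without echoing its value, drops the servlet session, and reports whether the caller should skip authenticate for this request.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical helper for illustration; not part of Activiti Explorer. */
public final class LtpaLogoutHelper {

  private static final String SSO_COOKIE = "LtpaToken2"; // cookie name from the thread

  private LtpaLogoutHelper() { }

  /**
   * Expires the SSO cookie and invalidates the servlet session. cookieDomain is
   * the domain the token was issued for (null for a host-only cookie).
   * Returns true if this request still carried the token: the caller should then
   * skip automatic login for this request, because the browser only drops the
   * cookie after it has received this response.
   */
  public static boolean completeLogout(HttpServletRequest request,
      HttpServletResponse response, String cookieDomain, boolean secureOnly) {
    boolean tokenPresented = false;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
      for (Cookie cookie : cookies) {
        if (SSO_COOKIE.equals(cookie.getName())) {
          tokenPresented = true;
        }
      }
    }
    // Name, path and domain must match the issued cookie, otherwise the
    // browser treats this as a different cookie and keeps the token.
    Cookie expired = new Cookie(SSO_COOKIE, ""); // empty value: never echo the token
    expired.setPath("/");
    if (cookieDomain != null) {
      expired.setDomain(cookieDomain);
    }
    expired.setMaxAge(0);
    expired.setHttpOnly(true); // Servlet 3.0+
    expired.setSecure(secureOnly);
    response.addCookie(expired);
    // Drop server-side state so no cached user object survives the logout.
    HttpSession session = request.getSession(false);
    if (session != null) {
      session.invalidate();
    }
    return tokenPresented;
  }
}
```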
7 REPLIES

b_schnarr
Champ in-the-making
The Activiti Explorer code is ok. After several hours, I figured out that the problem was my own authenticate-method. I do not understand why but there, the user was cached anyway. Now, everything works.

jbarrez
Star Contributor
OK, thanks for posting back. Saved me a bit of reading 😉

rohitsingh
Champ in-the-making
Hi B.Schnarr,
Is the code above working for you? I am getting a compilation error with the maven install command. Please help me; I need to implement SSO with Activiti.

b_schnarr
Champ in-the-making
This code is working for me. You have 8 errors. Line 85, Char 7, Line 86, Char 3, Line 88, Char 9 etc. Maybe you forgot to import some libs? Can you show the code on these 8 positions?

rohitsingh
Champ in-the-making
Thanks for your quick response, Schnarr. Please find below the code at the above error positions:

public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
    /*if (ExplorerApp.get().getLoggedInUser() != null && request.getSession(false) != null) {
     
      request.getSession().setAttribute(Constants.AUTHENTICATED_USER_ID, ExplorerApp.get().getLoggedInUser().getId());
    }*/
    if(logout){  //line 85,7
   Cookie[] cookies = request.getCookies(); //line 86,3
   if(cookies != null){                                   
    for (Cookie cookie : cookies){         //line 88,9
     if(cookie.getName().equals("LtpaToken2")){            
     Cookie newCookie = new Cookie("LtpaToken2", cookie.getValue());  //line (90,5), (90,28)
     newCookie.setPath("/");
     newCookie.setMaxAge(0);
     newCookie.setDomain("****");
     response.addCookie(newCookie);
     }
    }
   }
   logout = false;
  }
  }

public void onRequestEnd(HttpServletRequest request, HttpServletResponse response) {
    // Nothing to do here
  }
 
  public LoggedInUser authenticate(HttpServletRequest request, HttpServletResponse response) {
    // No automatic authentication is used by default, always through credentials.
    return null;
  }
 
  public void logout(LoggedInUser userToLogout) {
    // Clear activiti authentication context
    Authentication.setAuthenticatedUserId(null);
    logout = true;                                                          //line (114,4)
  }          

b_schnarr
Champ in-the-making
Seems like you forgot to import some libs….
logout is a boolean variable that needs to be declared: <code>private boolean logout = false;</code>
To use cookies, you need to import <code>import javax.servlet.http.Cookie;</code>

That should also be stated by your IDE. Are you using Eclipse?

rohitsingh
Champ in-the-making
Thanks for the response. We are using Eclipse but somehow it did not show any errors. Thanks again for helping out. Also, I have another query:

The purpose of trying to implement SSO for us is that we have a master website and want to embed Activiti in it. We don't want to show the login page and instead want to pass the credentials via the back-end, authenticate and display the default page. Is there a way we can do that by passing the credentials in the URL itself, so the login page can be skipped?

For example, if my URL is http://IP-Address:8082/activiti-explorer, is there a way to pass credentials via something like http://IP-Address:8082/activiti-explorer?user=username&pass=password?

Thanks