Hi,
I'm very much interested in your cool infrastructure for sso...I'm staying
tuned. And in the meantime I believe I have your answer.. :)
In DefaultTurbineRunData.java, the save() method is what saves the user
object to the session:
/**
* Saves a user object into the session.
*/
public void save()
{
session.putValue(User.SESSION_KEY, (Object) user );
}
And here's the definition for User.SESSION_KEY:
/** The session key for the User object. */
public static final String SESSION_KEY = "turbine.user";
So if you can access the session, retrieve the user object with that key.
Regards,
Dan
On Thu, 26 Sep 2002 [EMAIL PROTECTED] wrote:
> I just wrote a really cool infrastructure for sso that I will be using to
> provide sso for jetspeed and two other turbine applications that I have
> written. I will release it to the jetspeed and turbine community. I
> only need one question to be answered.
> Given that I have a HttpSession of a authenticated user in a turbine app,
> how can I get the TurbineUser or User object from the session.
> I know that I can do it from the RunData object, but I am in a filter, and
> that object is not available to me.
>
> Thanks!
>
> In case you are wondering, it's a set of servlets and filters that get the
> cookie value and ask for sso server (a servlet in the authoritative
> container) if the session is valid. If the servlet answers, it will be in
> an xml format that the filter will parse and create a new session in that
> container.
>
> In this way, two turbine apps in different jvms, on different hosts can
> have SSO. IT works for beyond turbine also, I have the various options
> parameterized in the web.xml, so we can do sso between oracle portal, or
> whatever.
>
> The only requirement is that the applications are in same domain.
> test.x.com and test2.x.com will work.
>
>
>
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
