I should have added that LHProcessingFilter gets the root
context's session ID from the user's cookies. (Tomcat session ID)
On Fri, Oct 24, 2008 at 12:14:56PM -0700, Guillermo Payet wrote:
> Hello Kranthi,
>
> I recently implemented single-sign-on for roller on our website.
> I disabled roller's login/logout pages, and redirected them to our
> site's custom login system. Then, on our login, I added code
> to add a name/value pair of sessionID/userID into a "shared_users"
> hashtable shared by both the main and the blog contexts. (see code below)
>
> I then created an LHProcessingFilter class that finds the root context's
> session ID, and looks it up in the shared hashtable. This tells you if a
> user session is logged in or not.
>
> Our ACEGI filter chain is:
>
> httpSessionContextIntegrationFilter,lhProcessingFilter,remoteUserFilter,channelProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
>
> Added an LHAuthenticationProvider class as an authenication provider,
> and bingo...
>
> Of course, there are other tweaks elsewhere for logouts and such,
> but the above is the main idea.
>
> Good luck.
>
> --G
>
>
> -------------------------------------------------------------------
> ServletContext ctx = session.getServletContext().getContext("/blog");
> if (ctx!=null) {
> Hashtable shareddata = (Hashtable)ctx.getAttribute("shared_users");
> if (shareddata==null) {
> shareddata = new Hashtable();
> }
> if (visItem.loggedin) {
> shareddata.put(session.getId(), Integer.toString(visItem.id));
> } else {
> shareddata.remove(session.getId());
> }
> ctx.setAttribute("shared_users", shareddata);
> }
> -------------------------------------------------------------------
