Foros de discusión

  1. Inicio
  2. Development
  3. autologin issue

autologin issue

Yue Zhou, modificado hace 11 años.

autologin issue

New Member Mensajes: 3 Fecha de incorporación: 6/11/12 Mensajes recientes
I developed an autologin hook based on another application(call it A)'s cookie. Liferay pages are embedded in the application A. After an user login to the applicaiton A, autologin hook will authenticate the user automatically.

However, I encountered an issue when the user log off and log into the application A, the autologin hook won't be invoked since liferay session has been established already. The embedded liferay pages are still in previous user's session

Any idea or advice? Thanks.
thumbnail
Rishi Dev Gupta, modificado hace 11 años.

RE: autologin issue

Expert Mensajes: 255 Fecha de incorporación: 23/11/08 Mensajes recientes
Liferay creates its own cookie and checks for that.

Since you are integrating the 2 applications, you need to manage or keep the session in sync for both the applications for various event like, login, logout, autologin, remember me, etc.

Since your need is similar to SSO so should follow the industry standards like CAS based authentication, which are more flexible and robust and will keep you gaurded with session issues.
Yue Zhou, modificado hace 11 años.

RE: autologin issue

New Member Mensajes: 3 Fecha de incorporación: 6/11/12 Mensajes recientes
The issue is that autologin hook is only invoked for unanthenticated user. is there a way to have a servlet filter to invalide the liferay session if cookie does not exists or changed? and will the autologin be invoked again?
thumbnail
Rishi Dev Gupta, modificado hace 11 años.

RE: autologin issue

Expert Mensajes: 255 Fecha de incorporación: 23/11/08 Mensajes recientes
You can customize the autologin through plugin hooks

You can configure or add your custom code and hook the login feature using the below property

##
## Auto Login
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.AutoLogin. These classes will run in
# consecutive order for all unauthenticated users until one of them return a
# valid user id and password combination. If no valid combination is
# returned, then the request continues to process normally. If a valid
# combination is returned, then the portal will automatically login that
# user with the returned user id and password combination.
#
# For example, com.liferay.portal.security.auth.RememberMeAutoLogin reads
# from a cookie to automatically log in a user who previously logged in
# while checking on the "Remember Me" box.
#
# This interface allows deployers to easily configure the portal to work
# with other SSO servers. See com.liferay.portal.security.auth.CASAutoLogin
# for an example of how to configure the portal with Yale's SSO server.
#
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin