掲示板

  1. ホーム
  2. Development
  3. autologin issue

autologin issue

11年前 に Yue Zhou によって更新されました。

autologin issue

New Member 投稿: 3 参加年月日: 12/11/06 最新の投稿
I developed an autologin hook based on another application(call it A)'s cookie. Liferay pages are embedded in the application A. After an user login to the applicaiton A, autologin hook will authenticate the user automatically.

However, I encountered an issue when the user log off and log into the application A, the autologin hook won't be invoked since liferay session has been established already. The embedded liferay pages are still in previous user's session

Any idea or advice? Thanks.
thumbnail
11年前 に Rishi Dev Gupta によって更新されました。

RE: autologin issue

Expert 投稿: 255 参加年月日: 08/11/23 最新の投稿
Liferay creates its own cookie and checks for that.

Since you are integrating the 2 applications, you need to manage or keep the session in sync for both the applications for various event like, login, logout, autologin, remember me, etc.

Since your need is similar to SSO so should follow the industry standards like CAS based authentication, which are more flexible and robust and will keep you gaurded with session issues.
11年前 に Yue Zhou によって更新されました。

RE: autologin issue

New Member 投稿: 3 参加年月日: 12/11/06 最新の投稿
The issue is that autologin hook is only invoked for unanthenticated user. is there a way to have a servlet filter to invalide the liferay session if cookie does not exists or changed? and will the autologin be invoked again?
thumbnail
11年前 に Rishi Dev Gupta によって更新されました。

RE: autologin issue

Expert 投稿: 255 参加年月日: 08/11/23 最新の投稿
You can customize the autologin through plugin hooks

You can configure or add your custom code and hook the login feature using the below property

##
## Auto Login
##

#
# Input a list of comma delimited class names that implement
# com.liferay.portal.security.auth.AutoLogin. These classes will run in
# consecutive order for all unauthenticated users until one of them return a
# valid user id and password combination. If no valid combination is
# returned, then the request continues to process normally. If a valid
# combination is returned, then the portal will automatically login that
# user with the returned user id and password combination.
#
# For example, com.liferay.portal.security.auth.RememberMeAutoLogin reads
# from a cookie to automatically log in a user who previously logged in
# while checking on the "Remember Me" box.
#
# This interface allows deployers to easily configure the portal to work
# with other SSO servers. See com.liferay.portal.security.auth.CASAutoLogin
# for an example of how to configure the portal with Yale's SSO server.
#
auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin,com.liferay.portal.security.auth.FacebookAutoLogin,com.liferay.portal.security.auth.NtlmAutoLogin,com.liferay.portal.security.auth.OpenIdAutoLogin,com.liferay.portal.security.auth.OpenSSOAutoLogin,com.liferay.portal.security.auth.RememberMeAutoLogin,com.liferay.portal.security.auth.SiteMinderAutoLogin