<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
    <title></title>
  </head>
  <body bgcolor="#ffffff" text="#000000">
    On 5/16/11 10:49 PM, basZero wrote:
    <blockquote
      cite="mid:BANLkTimcqNbCXfX92W3a+yUupoLi7ht+UQ@mail.gmail.com"
      type="cite">and what do foo and bar stand for? Parameters for the
      authenticator?</blockquote>
    <br>
    anything, just some custom parameters ;-)<br>
    <blockquote
      cite="mid:BANLkTimcqNbCXfX92W3a+yUupoLi7ht+UQ@mail.gmail.com"
      type="cite">
      <div><br>
      </div>
      <div>looks promising!<br>
      </div>
    </blockquote>
    <br>
    it has been well tested for more than two years, but it is badly
    documented, I admit. I will update<br>
    <br>
<a class="moz-txt-link-freetext" href="http://127.0.0.1:8080/yanel/yanel-website/en/documentation/realm/realm-configuration.html">http://127.0.0.1:8080/yanel/yanel-website/en/documentation/realm/realm-configuration.html</a><br>
    <br>
    accordingly.<br>
    <br>
    Thanks<br>
    <br>
    Michael<br>
    <blockquote
      cite="mid:BANLkTimcqNbCXfX92W3a+yUupoLi7ht+UQ@mail.gmail.com"
      type="cite">
      <div><br>
        <div class="gmail_quote">On Mon, May 16, 2011 at 10:48 PM,
          Michael Wechner <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:michael.wechner@wyona.com">michael.wechner@wyona.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
            0.8ex; border-left: 1px solid rgb(204, 204, 204);
            padding-left: 1ex;">
            <div bgcolor="#ffffff" text="#000000">
              <div class="im"> On 5/16/11 5:15 PM, basZero wrote: </div>
              <blockquote type="cite">Hi Michael,
                <div><br>
                </div>
                <div class="im">
                  <div>another requirement that must be considered is
                    this here:</div>
                  <div>- most web applications perform some business
                    logic at the Login Process. That business logic must
                    also be performed when somebody gets logged in
                    automatically.</div>
                </div>
              </blockquote>
              <br>
              you can do this already within the realm.xml file, e.g.<br>
              <br>
              &lt;web-authenticator
class="com.zwischengas.yanel.servlet.security.impl.ZGWebAuthenticatorImpl"&gt;<br>
              &nbsp;&nbsp;&nbsp; &lt;zg:foo
              xmlns:zg="http://www.zwischengas.com/eld/wyona/1.0"&gt;bar&lt;/zg:foo&gt;<br>
              &lt;/web-authenticator&gt;<br>
              <br>
              whereas your custom authenticator should implement<br>
              <br>
              org.wyona.yanel.core.api.security.WebAuthenticator<br>
              <br>
              HTH<br>
              <font color="#888888"> <br>
                Michael</font>
              <div>
                <div class="h5"><br>
                  <blockquote type="cite">
                    <div><br>
                    </div>
                    <div>So I think we need an API extension in Yanel
                      which provides the following mechanism:</div>
                    <div>- Per realm you can register (configure) your
                      own class which gets called by the YanelServlet
                      (that class would implement a new interface).
                      Methods of that new interface would be:</div>
                    <div>a) doLoginLogic()</div>
                    <div>b) ... ?</div>
                    <div><br>
                    </div>
                    <div>If the YanelServlet recognizes the cookie and
                      successfully authenticates the user (logged in),
                      the doLoginLogic() method gets called.</div>
                    <div>Otherwise, if no cookie is available, the
                      request goes through as today.</div>
                    <div><br>
                    </div>
                    <div>What do you think?<br>
                      <br>
                      Cheers</div>
                    <div>Balz <br>
                      <br>
                      <div class="gmail_quote">On Mon, May 16, 2011 at
                        5:06 PM, basZero <span dir="ltr">&lt;<a
                            moz-do-not-send="true"
                            href="mailto:baszero@gmail.com"
                            target="_blank">baszero@gmail.com</a>&gt;</span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:
                          0pt 0pt 0pt 0.8ex; border-left: 1px solid
                          rgb(204, 204, 204); padding-left: 1ex;">Hi
                          Michael,
                          <div><br>
                          </div>
                          <div>as just discussed, what I meant by
                            "auto-login" is not just pre-filling the
                            username field in the login form.</div>
                          <div>By "auto-login", I mean the following:</div>
                          <div><br>
                          </div>
                          <div>- the user accesses ANY page within my
                            realm</div>
                          <div>- at every request it is verified whether
                            the user is logged in (means: getIdentity()
                            != null ?)</div>
                          <div>- if there is no identity available, the
                            request is checked for the autologin cookie</div>
                          <div>- if there is no autologin cookie,
                            proceed as usual (= user remains anonymous)</div>
                          <div>- if there IS an autologin cookie, the
                            user gets authenticated automatically
                            (without seeing any form or the need of
                            pressing a submit button) and the user is
                            logged in.</div>
                          <div><br>
                          </div>
                          <div><b>Implementation:</b></div>
                          <div>The standard way of how this usually gets
                            implemented is as follows:</div>
                          <div>- The cookie contains USERID, TOKEN</div>
                          <div>- After every successful authentication,
                            a new TOKEN gets created and stored in the
                            COOKIE (for the next time). The realm also
                            stores the new token for this user (so that
                            it can be verified the next time).</div>
                          <div>- How to do the authentication: the token
                            from the cookie must match the last stored
                            token for this user. If it matches, the user
                            gets logged in without the need of the
                            password.</div>
                          <div><br>
                          </div>
                          <div>A normal side effect of this
                            implementation is: </div>
                          <div>- if the user uses a web browser and for
                            instance an iPad, every time he switches the
                            device, the token obviously does not match
                            anymore and he has to log in via the usual
                            login form where he enters username and
                            password (and where he can checkbox the
                            autologin feature again).</div>
                          <div><br>
                          </div>
                          <div><b>Next steps for Yanel:</b></div>
                          <div>It would be great if this functionality
                            could be plugged into the request pipeline
                            of Yanel.</div>
                          <div>An alternative is to write a Request
                            Pipeline Filter for TOMCAT so that the
                            request goes through that servlet each time.</div>
                          <div><br>
                          </div>
                          <div>What do you propose?</div>
                          <div><br>
                          </div>
                          <div>Cheers</div>
                          <div>Balz</div>
                          <div>
                            <div>
                              <div><br>
                              </div>
                              <div><br>
                                <div class="gmail_quote">On Mon, May 16,
                                  2011 at 4:48 PM, Michael Wechner <span
                                    dir="ltr">&lt;<a
                                      moz-do-not-send="true"
                                      href="mailto:michael.wechner@wyona.com"
                                      target="_blank">michael.wechner@wyona.com</a>&gt;</span>
                                  wrote:<br>
                                  <blockquote class="gmail_quote"
                                    style="margin: 0pt 0pt 0pt 0.8ex;
                                    border-left: 1px solid rgb(204, 204,
                                    204); padding-left: 1ex;">Hi Balz
                                    <div><br>
                                      <br>
                                      On 5/16/11 4:09 PM, basZero wrote:<br>
                                      <blockquote class="gmail_quote"
                                        style="margin: 0pt 0pt 0pt
                                        0.8ex; border-left: 1px solid
                                        rgb(204, 204, 204);
                                        padding-left: 1ex;"> Hi Michael,<br>
                                        <br>
                                        you once mentioned that Yanel
                                        comes out of the box with an
                                        auto login feature?<br>
                                        Can you point me to the source
                                        code? I didn't find it.<br>
                                      </blockquote>
                                      <br>
                                    </div>
                                    Have a look at<br>
                                    <br>
src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java<br>
                                    <br>
                                    and search for<br>
                                    <br>
                                    remember-my-login-name<br>
                                    <br>
                                    (also see
                                    rememberLoginNameCookie.setMaxAge(86400);
                                    // 1 day is 86400 seconds)<br>
                                    <br>
                                    (also see
                                    src/webapp/xslt/login-screen.xsl)<br>
                                    <br>
                                    HTH<br>
                                    <br>
                                    Michael
                                    <div>
                                      <div><br>
                                        <blockquote class="gmail_quote"
                                          style="margin: 0pt 0pt 0pt
                                          0.8ex; border-left: 1px solid
                                          rgb(204, 204, 204);
                                          padding-left: 1ex;"> <br>
                                          I just want to see how it is
                                          done.<br>
                                          <br>
                                          Cheers<br>
                                          Balz<br>
                                        </blockquote>
                                        <br>
                                      </div>
                                    </div>
                                    <font color="#888888"> -- <br>
                                      Yanel-development mailing list <a
                                        moz-do-not-send="true"
                                        href="mailto:Yanel-development@wyona.com"
                                        target="_blank">Yanel-development@wyona.com</a><br>
                                      <a moz-do-not-send="true"
                                        href="http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development"
                                        target="_blank">http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development</a><br>
                                    </font></blockquote>
                                </div>
                                <br>
                              </div>
                            </div>
                          </div>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                  </blockquote>
                  <br>
                </div>
              </div>
            </div>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
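    The auto-login scheme described in the quoted thread above (cookie carries USERID and TOKEN, a new TOKEN is issued after every successful authentication, and the cookie token must match the last stored one), as an added example that is not part of the original thread and is not Yanel code. The class name <code>AutoLoginTokens</code>, its methods, the in-memory map and the user id "alice" are hypothetical; storing only a hash of the token and comparing in constant time are additions beyond what the thread specifies.<br>

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not part of Yanel): one rotating auto-login token per user. */
public class AutoLoginTokens {
    private final SecureRandom random = new SecureRandom();
    // userId -> SHA-256 of the last issued token; the token itself is never stored server-side
    private final ConcurrentHashMap<String, byte[]> lastTokenHash = new ConcurrentHashMap<>();

    /** Call after every successful authentication; returns the new cookie value "USERID:TOKEN". */
    public String issue(String userId) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        lastTokenHash.put(userId, sha256(token));
        return userId + ":" + token;
    }

    /** Returns the rotated cookie value on a match, otherwise empty (the user stays anonymous). */
    public Optional<String> verifyAndRotate(String cookieValue) {
        // The base64url token never contains ':', so the last ':' separates USERID from TOKEN
        int sep = cookieValue == null ? -1 : cookieValue.lastIndexOf(':');
        if (sep <= 0) return Optional.empty();
        String userId = cookieValue.substring(0, sep);
        byte[] expected = lastTokenHash.get(userId);
        byte[] presented = sha256(cookieValue.substring(sep + 1));
        // MessageDigest.isEqual compares the two digests in constant time
        if (expected == null || !MessageDigest.isEqual(expected, presented)) return Optional.empty();
        // Atomic single use: only one of two concurrent requests with the same cookie wins
        if (!lastTokenHash.remove(userId, expected)) return Optional.empty();
        return Optional.of(issue(userId));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
    public static void main(String[] args) {
        AutoLoginTokens realm = new AutoLoginTokens();
        String cookie = realm.issue("alice");                  // constructed user id; form login
        String rotated = realm.verifyAndRotate(cookie).get();  // next visit: auto-login, token rotated
        System.out.println("old cookie accepted again: " + realm.verifyAndRotate(cookie).isPresent());
        System.out.println("rotated cookie accepted: " + realm.verifyAndRotate(rotated).isPresent());
    }
}
```

    A form login on a second device calls <code>issue()</code> again and overwrites the stored hash, which is why the first device's cookie stops matching, as the thread notes. The cookie carrying this value should be set with the HttpOnly and Secure attributes.<br>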
  </body>
</html>