<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Balz<br>
<br>
On 5/17/11 7:31 AM, <a class="moz-txt-link-abbreviated" href="mailto:baszero@gmail.com">baszero@gmail.com</a> wrote:
<blockquote
cite="mid:F57711CD-320D-4975-B970-45DB2467C5F2@gmail.com"
type="cite">
<div>Hi Michael </div>
<div><br>
</div>
<div>I would rather store it in the user profile xml and not in
the meta property. <br>
</div>
</blockquote>
<br>
That depends on the implementation. The below is just the API as it
would be called within the authenticator.<br>
<br>
Cheers<br>
<br>
Michael<br>
<blockquote
cite="mid:F57711CD-320D-4975-B970-45DB2467C5F2@gmail.com"
type="cite">
<div><br>
</div>
<div>cheers<br>
<br>
<div><br>
</div>
_____________________
<div>CTO / <span class="Apple-style-span" style="">Zwischengas
AG</span></div>
<div><a moz-do-not-send="true" href="http://www.zwischengas.com">www.zwischengas.com</a></div>
<div><br>
</div>
<div>Sent via iPhone</div>
</div>
<div><br>
On 16.05.2011, at 23:04, Michael Wechner &lt;<a
moz-do-not-send="true" href="mailto:michael.wechner@wyona.com">michael.wechner@wyona.com</a>&gt;
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div> Hi Balz<br>
<br>
On 5/16/11 5:06 PM, basZero wrote:
<blockquote
cite="mid:BANLkTin--_+PxkUC6_GzGTff8beqCWuRAw@mail.gmail.com"
type="cite">Hi Michael,
<div><br>
</div>
<div>as just discussed, what I meant by "auto-login" is not
just pre-filling the username field in the login form.</div>
</blockquote>
<br>
sorry, right, I misunderstood<br>
<blockquote
cite="mid:BANLkTin--_+PxkUC6_GzGTff8beqCWuRAw@mail.gmail.com"
type="cite">
<div>By "auto-login", I mean the following:</div>
<div><br>
</div>
<div>- the user accesses ANY page within my realm</div>
<div>- at every request it is verified whether the user is
logged in (means: getIdentity() != null ?)</div>
<div>- if there is no identity available, the request is
checked for the autologin cookie</div>
<div>- if there is no autologin cookie, proceed as usual (=
user remains anonymous)</div>
<div>- if there IS an autologin cookie, the user gets
authenticated automatically (without seeing any form or
the need of pressing a submit button) and the user is
logged in.</div>
</blockquote>
<br>
sounds good also from a performance/scalability point of view,
except it's unclear to me where<br>
we should save the tokens persistently and how to clean them
if they have expired.<br>
<br>
I guess we could save them together with the user profile,
e.g.<br>
<br>
getRealm().getIdentityManager().getUserManager().getUser("baszero").setProperty("autologin-token",
TOKEN-ID);<br>
<br>
WDYT?<br>
<br>
Thanks<br>
<br>
Michael<br>
<br>
<blockquote
cite="mid:BANLkTin--_+PxkUC6_GzGTff8beqCWuRAw@mail.gmail.com"
type="cite">
<div><br>
</div>
<div><b>Implementation:</b></div>
<div>The standard way of how this usually gets implemented
is as follows:</div>
<div>- The cookie contains USERID, TOKEN</div>
<div>- After every successful authentication, a new TOKEN
gets created and stored in the COOKIE (for the next time).
The realm also stores the new token for this user (so that
it can be verified the next time).</div>
<div>- How to do the authentication: the token from the
cookie must match the last stored token for this user. If
it matches, the user gets logged in without the need of
the password.</div>
<div><br>
</div>
<div>A normal side effect of this implementation is: </div>
<div>- if the user uses a web browser and for instance an
iPad, every time he switches the device, the token
obviously does not match anymore and he has to login by
the usual login form where he enters username and password
(and where he can checkbox the autologin feature again).</div>
<div><br>
</div>
<div><b>Next steps for Yanel:</b></div>
<div>It would be great if this functionality could be
plugged into the request pipeline of Yanel.</div>
<div>An alternative is to write a Request Pipeline Filter
for TOMCAT so that the request goes through that servlet
each time.</div>
<div><br>
</div>
<div>What do you propose?</div>
<div><br>
</div>
<div>Cheers</div>
<div>Balz</div>
<div><br>
</div>
<div><br>
<div class="gmail_quote">On Mon, May 16, 2011 at 4:48 PM,
Michael Wechner <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:michael.wechner@wyona.com">michael.wechner@wyona.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">Hi Balz
<div class="im"><br>
<br>
On 5/16/11 4:09 PM, basZero wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt
0pt 0pt 0.8ex; border-left: 1px solid rgb(204,
204, 204); padding-left: 1ex;"> Hi Michael,<br>
<br>
you once mentioned that Yanel comes out of the box
with an auto login feature?<br>
Can you point me to the source code? I didn't find
it.<br>
</blockquote>
<br>
</div>
Have a look at<br>
<br>
src/webapp/src/java/org/wyona/yanel/servlet/security/impl/DefaultWebAuthenticatorImpl.java<br>
<br>
and search for<br>
<br>
remember-my-login-name<br>
<br>
(also see rememberLoginNameCookie.setMaxAge(86400); //
1 day is 86400 seconds)<br>
<br>
(also see src/webapp/xslt/login-screen.xsl)<br>
<br>
HTH<br>
<br>
Michael
<div>
<div class="h5"><br>
<blockquote class="gmail_quote" style="margin: 0pt
0pt 0pt 0.8ex; border-left: 1px solid rgb(204,
204, 204); padding-left: 1ex;"> <br>
I just want to see how it is done.<br>
<br>
Cheers<br>
Balz<br>
</blockquote>
<br>
</div>
</div>
<font color="#888888"> -- <br>
Yanel-development mailing list <a
moz-do-not-send="true"
href="mailto:Yanel-development@wyona.com">Yanel-development@wyona.com</a><br>
<a moz-do-not-send="true"
href="http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development">http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development</a><br>
</font></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
</blockquote>
<br>
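<div>The rotating auto-login token scheme discussed in this thread, as an added example that is not part of the original mails and is not Yanel code. The class name <code>AutoLoginTokens</code>, the 14-day lifetime and the in-memory map (standing in for the user profile store) are assumptions; the sketch stores only a hash of the token, compares in constant time, and removes expired tokens lazily on lookup.</div>

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class (Java 16+), not Yanel code. The map stands in for the user profile store.
public class AutoLoginTokens {
    private record Stored(byte[] tokenHash, Instant expires) {}
    private static final long TTL_SECONDS = 14 * 86400L; // assumed cookie lifetime: 14 days
    private final Map<String, Stored> store = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();

    // Call after every successful authentication; the returned value goes into the cookie.
    public String issue(String userId, Instant now) throws Exception {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // Only a hash is persisted, so a leaked profile store does not yield usable cookies.
        store.put(userId, new Stored(sha256(token), now.plusSeconds(TTL_SECONDS)));
        return token;
    }

    // Returns the replacement token on success, or null if the cookie must be ignored.
    public String redeem(String userId, String cookieToken, Instant now) throws Exception {
        Stored s = store.get(userId);
        if (s == null || cookieToken == null) return null;
        if (now.isAfter(s.expires())) { store.remove(userId); return null; } // lazy cleanup
        // Constant-time comparison against the last stored token only.
        if (!MessageDigest.isEqual(s.tokenHash(), sha256(cookieToken))) return null;
        return issue(userId, now); // rotate: the token just used stops working
    }

    private static byte[] sha256(String v) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(v.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        AutoLoginTokens tokens = new AutoLoginTokens();
        Instant now = Instant.now();
        String first = tokens.issue("baszero", now);            // constructed sample user
        String second = tokens.redeem("baszero", first, now);
        System.out.println("current token accepted: " + (second != null));
        System.out.println("old token accepted:     " + (tokens.redeem("baszero", first, now) != null));
        Instant later = now.plusSeconds(TTL_SECONDS + 1);
        System.out.println("expired token accepted: " + (tokens.redeem("baszero", second, later) != null));
    }
}
```

<div>A <code>null</code> from <code>redeem</code> leaves the request anonymous, so the user falls back to the normal login form.</div>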
</body>
</html>