I am messing around making an app in grails. At this point I have already made a login view and the controller. How its working is I got a service which queries my db for the credentials and then if they are valid proceeds to the main screen as shown below. Now I need to add a session to it so that you cant bypass the login. Keep in mind I got no Domain classes because all I need Im querying the database.
This is how the controller works rn:
The login service is basically a firstrow query.
It isn't clear what you really need but in your controller is a variable named session which you can interact with as a Map and do things like session.isLoggedIn = true or if(session.isLoggedIn) { ... } etc. You probably shouldn't do that sort of thing in your app though. You should consider something like https://grails-plugins.github.io/grails-spring-security-core/.
Related
Trying to retrofit an old webforms application.
Got my configuration working so that it's prompting for login and successfully redirecting back to the application. The folks that manage the IP can see the response is generated.
However in the callback to my application the User is null. I'm told if it's configured correctly it should be populated.
We have a custom IHttpModule and that is where I can see getting hit with the call to /Saml2/Acs with the User not populated. I think this may be expected as the handler for that is supposed to populate the User, I think? However the following call (the returnUrl configured in sustainsys.Saml2) still has no User and I don't see any sort of error or anything.
Anyone with experience have an idea how to debug this?
The call to /Saml2/Acs should be taken care of by the Sustainsys.Saml2.HttpModule. It will process the response and then call the SessionAuthenticationModule to set a cookie that preservers the User across calls.
To get some more information about what's happening in the library, you can assign an implementation of ILoggerAdapter to Sustainsys.Saml2.Configuration.Options.FromConfiguration.SPOPtions.Logger to get some logging output from the library.
My issue turned out to be that I had another authentication module loaded before SessionAuthenticationModule and Saml2AuthenticationModule in the web config.
The comment in the example was
Add these modules below any existing. The SessionAuthenticatioModule
must be loaded before the Saml2AuthenticationModule
However in my case with I had another authentication module involved that needed to go last.
I am using the version TYPO3 9.5.13. If a user is doing a successful login, I store the user data in the controller. If the user comes back from any view to the same controller, the user information, saved in the controller before, are gone. So it seems, that every time the user comes back to the controller a new instance of controller will be opened. PHP globals in TYPO3 are not working.
Therefore I am looking for a way, to have some data always available in the ncontroller. The extension is my own, as well the templates and the views. So if neccessary, I can make any changes.
The only way I currently see, is to send the user data to the views and from the views back to the controller. But that is not easy possible for all my views and also not a elegant way to do.
Do you have any suggestions? Thanks for your support!
You should store your user data in a session variable. this data can be acceessed globaly and TYPO3 will manage it for you. it is available for each request of the client, until he logs out or ends his session (terminate browser, ...)
Thank to Bernd, I found a solution:
$GLOBALS['TSFE']->fe_user->setkey('ses','user',$Setup);
$GLOBALS['TSFE']->storeSessionData();
I stored an array under user. Important is the second line, to store the Session data.
With the below instruction I read it into an array.
$user['user'] = $GLOBALS['TSFE']->fe_user->getKey("ses", "user" );
It is possible to store several variables und of course to change the name user.
You can clear, if you write NULL to it:
$GLOBALS['TSFE']->fe_user->setkey('ses', 'user', NULL);
$GLOBALS['TSFE']->storeSessionData();
I'm successfully using Node.js + Express + Everyauth ( https://github.com/abelmartin/Express-And-Everyauth/blob/master/app.js ) to login to Facebook, Twitter, etc. from my application.
The problem I'm trying to wrap my head around is that Everyauth seems to be "configure and forget." I set up a single everyauth object and configure it to act as middleware for express, and then forget about it. For example, if I want to create a mobile Facebook login I do:
var app = express.createServer();
everyauth.facebook
.appId('AAAA')
.appSecret('BBBB')
.entryPath('/login/facebook')
.callbackPath('/callback/facebook')
.mobile(true); // mobile!
app.use(everyauth.middleware());
everyauth.helpExpress(app);
app.listen(8000);
Here's the problem:
Both mobile and non-mobile clients will connect to my server, and I don't know which is connecting until the connection is made. Even worse, I need to support multiple Facebook app IDs (and, again, I don't know which one I will want to use until the client connects and I partially parse the input). Because everyauth is a singleton which in configured once, I cannot see how to make these changes to the configuration based upon the request that is made.
What it seems like is that I need to create some sort of middleware which acts before the everyauth middleware to configure the everyauth object, such that everyauth subsequently uses the correct appId/appSecret/mobile parameters. I have no clue how to go about this...
Suggestions?
Here's the best idea I have so far, though it seems terrible:
Create an everyauth object for every possible configuration using a different entryPath for each...
Apparently I jumped the gun and wrote this before my morning cup of coffee, because I answered my own question, and it was quite easy to implement. Basically I just had to create my own custom express middleware to switch the everyauth configuration before the everyauth gets its grubby paws on the request, so...
var configureEveryauth = function()
{
return function configure(req, res, next) {
// make some changes to the everyauth object as needed....
next();
};
}
and now my setup becomes:
var app = express.createServer();
everyauth.facebook
.entryPath('/login/facebook')
.callbackPath('/callback/facebook');
app.use(configureEveryauth());
app.use(everyauth.middleware());
everyauth.helpExpress(app);
app.listen(8000);
Notice that I don't even bother fully configuring the everyauth Facebook object during the startup, since I know that the middleware will fill in the missing params.
first post in SO, even though I've been browsing it for years now to solve those mind-blowing and not so much coding problems.
What I want to do is:
* Use hash navigation (#!/).
* Use Zend controller actions, not php files.
* Load these actions through javascript/jQuery.
So far, I've got this working:
indexController, several Actions, each attached to AjaxContext via addActionContext(), I can call them though my javascript/jQuery file via "hashchange" plugin jQuery(window).hashchange(function(){ bla bla }). I can cycle through actions just fine.
But I want to redirect the user to a login page if he/she is not logged in, which brings me to my issue: How can I achieve that? The redirection is made to another controller (login controller, login action). I was trying something like $this->_redirect('/#!/login/login'); w/o any luck (yes, I've set up an AjaxContext in that controller's init). I keep getting a redirection error ("The page isn't redirecting properly"). If I just type in the address bar "/#!/login/login" I get everything display properly.
Anyway, thanks in advance!
Cheers
Now this starts to get complicated if you ever introduce other non-ajax contexts, but you could add the Ajax context to the Error Controller. Then have the error controller return JSON for the unauthenticated exception if the active context was AJAX (and keep the redirect if the default context was active). Your JS would then listen for that specific error provided by the JSON and manually bounce the user to the appropriate login URL.
i have been following some online screencasts and tutorials about zend_auth.
i have a basic zend application created by the zf tool.
within the index controller index action i place a little code to test if a user is authenticated.
if(!Zend_Auth::getInstance()->hasIdentity())
{
$this->_redirect('login');
}
now as far as i'm aware this should check to see if the current session has been authorised with an identity if it hasnt (ie returns false)
it will redirect the screen to the login controller index action.
all i get is the default error action page stating
An error occurred
Application error
does anyone have an idea wtf is going on.
i have a suspicion it has something to do with needing to set up an autoloader but i have already set an include path to the library folder . (plus i have no issues with accessing controller actions and the likes.
i had another issue with a form stopping my application from rendering anything but i will create another question about that.
thanks keyne setting the error reporting on was a good idea
for some reason i thought i had my app sent to development but it was production.
after looking at the error report i found i had forgotten to create a data folder on my test server to hold the session information.
so zend_auth creating a session failed to location the directory.