jnorthr / socialauth

Automatically exported from code.google.com/p/socialauth

Clarification on storing SocialAuthManager in the session - how can it work? #212

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I'm trying to implement socialauth as a JSF/CDI app and I don't use seam. 
Looking at the getting started page 
http://code.google.com/p/socialauth/wiki/GettingStarted I'm confused about the 
code:

before redirect:

session.setAttribute("authManager", manager);

after redirect (called from the success page):

SocialAuthManager manager = (SocialAuthManager) session.getAttribute("authManager");

The problem is it's a different session. The JSESSIONID cookie from the initial 
page isn't propagated on the redirect either as a cookie or alternatively as a 
query param. When the request comes in from the social networking site my 
server knows nothing about it and creates a new session.

I'm not sure how this can be solved. Perhaps I can have a map in an 
applicationscoped bean with synchronised access keyed off openid.assoc_handle 
(available from the target query string), then add this to the success url.

It seems a bit complicated for something not mentioned in the documentation, 
have I missed something?

Thanks.

Original issue reported on code.google.com by healey_b...@yahoo.co.uk on 6 Sep 2012 at 3:35
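
The map idea from the issue above, written out as an added example (not part of the original thread and not socialauth code): a store that holds the manager between the redirect and the callback, keyed by a random single-use token carried in the success URL. `PendingAuthStore`, the `state` parameter name and the example URL are hypothetical, and the random token stands in for the `openid.assoc_handle` key suggested in the issue.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not part of socialauth): holds a pending login between redirect and callback. */
public final class PendingAuthStore<T> {
    private static final SecureRandom RNG = new SecureRandom();
    private static final class Entry<V> {
        final V value; final Instant expires;
        Entry(V value, Instant expires) { this.value = value; this.expires = expires; }
    }

    private final Map<String, Entry<T>> pending = new ConcurrentHashMap<>();
    private final Duration ttl;

    public PendingAuthStore(Duration ttl) { this.ttl = ttl; }

    /** Store the manager before the redirect; returns the token to append to the success URL. */
    public String put(T manager) {
        Instant now = Instant.now();
        pending.values().removeIf(e -> e.expires.isBefore(now)); // drop abandoned logins
        byte[] raw = new byte[32];                                // 256 random bits per token
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(token, new Entry<>(manager, now.plus(ttl)));
        return token;
    }

    /** Called from the success page: atomically removes the entry, so a token works only once. */
    public Optional<T> take(String token) {
        if (token == null) return Optional.empty();
        Entry<T> e = pending.remove(token);
        if (e == null || e.expires.isBefore(Instant.now())) return Optional.empty();
        return Optional.of(e.value);
    }

    public static void main(String[] args) {
        PendingAuthStore<String> store = new PendingAuthStore<>(Duration.ofMinutes(5));
        String token = store.put("manager-for-user-A"); // constructed stand-in for a SocialAuthManager
        System.out.println("https://app.example/success?state=" + token); // constructed success URL
        System.out.println(store.take(token).isPresent()); // first callback finds the manager
        System.out.println(store.take(token).isPresent()); // a replayed token finds nothing
    }
}
```

In an application the type parameter would be `SocialAuthManager`, and the instance returned by `take` would be placed in the new session created for the callback request.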

GoogleCodeExporter commented 8 years ago
The solution:

There's something very important missing from this example. If you try to 
implement this you'll find that when the social networking site calls the 
successUrl a new session is created and you have no access to the stored 
SocialAuthManager. Of course there is no jsessionid cookie so a new session has 
to be created.

To fix this all you need to do is this (as per servlet spec 7.1.3 URL 
rewriting):

String successUrl = "http://opensource.brickred.com/socialauthdemo/socialAuthSuccessAction.do;jsessionid=";
String url = manager.getAuthenticationUrl(id, successUrl + sessionId);

You need to figure out how to get the session id in your environment.

Original comment by healey.b...@gmail.com on 7 Sep 2012 at 10:06

GoogleCodeExporter commented 8 years ago
You can use the HttpServletResponse encodeURL method to encode the URL before 
the redirect; that will get all the session info. Recommended for all redirects. 

Original comment by kumar.sa...@gmail.com on 20 Oct 2012 at 2:58

GoogleCodeExporter commented 8 years ago
I have deployed the demo on Tomcat and JBoss. It is working fine on both servers 
and there is no need to append jsession. But in your case, if there is a need to 
append it, then you can do it manually as you are doing in successUrl. And it is 
always in your hands how you want to redirect the user on the authentication page.

Original comment by tarun.na...@3pillarglobal.com on 19 Jun 2013 at 10:35