Hi,
I am using JOSSO for single sign-on for my applications. Two applications are Struts-based and the one I am developing is a Seam-based application.
I had to remove Seam-based security from the application, and I am authenticating based on the SSO-sessionId and keeping loggedInUser in the session in authenticator.authenticate.
When I log out, I want to remove session-based data in the application. I am using the following code. Could anybody tell me if I am doing things right? I appreciate your help in advance.
Code to authenticate the user:
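public String authenticate()
{
    // Look for the SSO session id and principal set on the request by the JOSSO agent
    HttpServletRequest request = (HttpServletRequest) facesContext.getExternalContext().getRequest();
    SSOUser ssoUser = (SSOUser) request.getUserPrincipal();
    String ssoSessionId = (String) request.getAttribute("org.josso.agent.ssoSessionid");
    if (ssoSessionId != null && ssoUser != null)
    {
        try {
            // Bind the SSO user name as a query parameter instead of
            // concatenating it into the JPQL string
            User user = (User) em.createQuery("select u from User u where u.userName = :userName")
                    .setParameter("userName", ssoUser.getName())
                    .getSingleResult();
            if (user != null) {
                log.info("user #0 found in context", user.getUserName());
                // Keep the application user in the Seam session context
                Contexts.getSessionContext().set("loggedInUser", user);
                return "";
            }
        } catch (javax.persistence.NoResultException nre) {
            // The SSO principal has no matching User row in this application
            facesMessages.add("Invalid login information. Please try again");
            return "login";
        }
    }
    // No SSO session or principal on the request: send the user to the login page
    return "login";
}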
Logging out the user:
public String logout() {
    Session.getInstance().invalidate();
    // why is this always printed as true??
    System.out.println(Contexts.isSessionContextActive());
    return "logout";
}