Announcement

Collapse
No announcement yet.
X
Collapse
  • Page of 1
  • Filter
  • Time
Clear All
new posts
Previous template Next
    #1

    Relogin problems

    I am using JDBCRealm Authentication, but the relogin-window is not appearing when the session expires, so I am investigating what is the problem.

    I use the method explained here:
    https://isomorphic.atlassian.net/wik...mcat+JDBCRealm

    In the documentation (http://www.smartclient.com/smartgwt/...s/Relogin.html) I read:
    Code:
    If your authentication system will redirect to a login page when a user's session is timed out, it's sufficient to simply embed the loginRequiredMarker in the login page.
    Which code exactly is redirecting the user to a login page when the session is timed out?
    This one in web.xml?
    Code:
    <login-config>
		<auth-method>FORM</auth-method>
		<realm-name>User Auth</realm-name>
			<form-login-config>
				<form-login-page>/login.html</form-login-page>
				<form-error-page>/error.html</form-error-page>
			</form-login-config>
	</login-config>
    If yes, I don't know what is missing in my code. I also have
    Code:
    RPCManager.setLoginRequiredCallback(new LoginRequiredCallback() {

			@Override
			public void loginRequired(int transactionNum, RPCRequest request,
					RPCResponse response) {
				
			}
		});
    But this method is not being called when the session is timed out.
    Last edited by edulid; 19 Feb 2015, 08:19.
    Tags: None
    #2
    Hi edulid,

    do you have
    Code:
    <SCRIPT>//'"]]>>isc_loginRequired
//
// Embed this whole script block VERBATIM into your login page to enable
// SmartClient RPC relogin.
 
while (!window.isc && document.domain.indexOf(".") != -1) {
    try {
 
        if (parent.isc == null) {
            document.domain = document.domain.replace(/.*?\./, '');
            continue;
        }
        break;
    } catch (e) {
        document.domain = document.domain.replace(/.*?\./, '');
    }
}
 
var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;
if (isc) isc.RPCManager.delayCall("handleLoginRequired", [window]);
</SCRIPT>
    in your login.html?

    Best regards,
    Blama

    Comment

      #3
      No, but this:
      Code:
      <SCRIPT>//'"]]>>isc_loginRequired
//
// Embed this whole script block VERBATIM into your login page to enable
// SmartClient RPC relogin.
//=======    



if (!window.isc && document.domain && document.domain.indexOf(".") != -1 
	&& !(new RegExp("^(\\d{1,3}\\.){3}\\d{1,3}$").test(document.domain))) 
{
    
    var set = false;
    while (document.domain.indexOf(".") != -1) {
        try {
            if (window.opener && window.opener.isc) break;
            if (window.top.isc) break;
            
            if (!set) { document.domain = document.domain; set = true; }
            else { document.domain = document.domain.replace(/.*?\./, ''); }
        } catch (e) {
            try {
                if (!set) { document.domain = document.domain; set = true }
                else { document.domain = document.domain.replace(/.*?\./, ''); }
            } catch (ee) {
                break;
            }
        }
    } 
}

var isc = top.isc ? top.isc : window.opener ? window.opener.isc : null;
if (isc && isc.RPCManager) isc.RPCManager.delayCall("handleLoginRequired", [window]);
</SCRIPT>

      Comment

        #4
        I got the code from the end of the 1st link you showed.

        Is there different code linked somewhere?
        Actually, the last "if" in the linked code is
        Code:
        if (isc) isc.RPCManager.delayCall("handleLoginRequired", [window]);
        while I have
        Code:
        if (isc.Canvas) isc.RPCManager.delayCall("handleLoginRequired", [window]);
        I copied my code 2 years ago I'd guess.

        @Isomorphic: What is correct?

        Best regards,
        Blama

        Comment

          #5
          I got it from the actual 5.0p eval download.

          Comment

            #6
            The most recent is correct (of course) but the difference matters only for an extremely obscure situation involving "HiddenFrame" protocol and doesn't matter here.

            @edulid: the first thing to check is whether, when the session is expired, you see your server return the loginRequired response as expected. You can use the browser's built-in tools to check.

            Comment

              #7
              Using chrome tools, I found out that I only get this back:
              sc/IDACall?isc_rpc=1&isc_v=v10.0p_2015-02-11&isc_xhr=1
              Code:
              //isc_RPCResponseStart-->[{affectedRows:0,invalidateCache:false,isDSResponse:true,queueStatus:-1,status:-1,data:null}]//isc_RPCResponseEnd

              Comment

                #8
                So what would be the second step? As I said, I have
                Code:
                <login-config>
		<auth-method>FORM</auth-method>
		<realm-name>MyRealm</realm-name>

		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/autherr.jsp</form-error-page>
		</form-login-config>

	</login-config>
                so why may be this not working?

                Comment

                  #9
                  This suggests that the JDBCRealm authentication system doesn't think the session is expired, and so allowed the request to proceed normally, without a redirect.

                  So why did you think it was expired?

                  Comment

                    #10
                    I set the session timeout to 1 minute:

                    web.xml:
                    Code:
                    <session-config>
		<session-timeout>1</session-timeout>
	</session-config>
                    I have a listGrid and a "reload" button for testing. The "reload" button works fine if I click it before the timeout expires. If I wait one minute or more, I get the following:
                    Code:
                    Server returned FAILURE with no error message performing operation 'schueler_table_fetch'.
                    So the session seems here expired.

                    Comment

                      #11
                      Isomorphic?

                      Comment

                        #12
                        Essentially you (or the browser request) is hitting the IDACall servlet and receiving this response:

                        Code:
                        //isc_RPCResponseStart-->[{affectedRows:0,invalidateCache:false,isDSResponse:true,queueStatus:-1,status:-1,data:null}]//isc_RPCResponseEnd
                        This seems to imply that either the IDACall servlet is not protected, or the session hasn't timed out, so it can be hit and will attempt to process a request, rather than redirecting to the login page.
                        As such, the client side code isn't getting back the loginRequiredMarker - it's not being notified that the session has expired and the user needs to relogin.

                        Regards
                        Isomorphic Software

                        Comment

                        Previous template Next
                        Working...
                        X