I want to restrict user for multiple login at a same time. Am following custom authentication method from below link
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/authentication-security/custom-authentication/
To achieve, I wanted know whether current login request is already logged in or not from some other device(session). Where or from which method am going get these details?
Please let me know how to get and return error custom message from this java file to adapter's calling method.
I don't believe any of the built-in APIs will provide what you are looking for.
Instead, I think you need to create your own implementation from scratch. Meaning, create some database to store the current status of each user. Update it every time, check the status whenever someone tries to login ...
Related
I would like to know if there is a way to find out in APEX when an particular user is logged in directly or via the "Login As" feature from the organization's user list.
The UserInfo class doesn't seem to provide any methods for this purpose and i need to know this in my apex code.
thanks in advance
Something is tracking that your session previously belonged to another user so that the "Logged in as XYZ (foo#bar.com)" message can be displayed in the Salesforce UI.
I suspect this would be cookie based. If this is the case, you could try and isolate it by tracking the cookie changes when you login as another user. If you can find it then you can check for the presence of this cookie in Apex using
Cookie counter = ApexPages.currentPage().getCookies().get('loginAsCookieHere');
As far as I know this isn't possible with salesforce.
I'm writing a Rally app using REST service calls and JQuery. I'd like to customize app behavior to the current user, i.e., show their default project. Is there a way to get a username or ID for the current auth session? The closest I've found is this website url, which redirects to the userid (if you request it while logged in).
https://rally1.rallydev.com/#
But is there a real way to do it? A REST call would be nice, but I guess that's not RESTful?
You can make a request to https://rally1.rallydev.com/slm/webservice/1.38/user.js and it will return results for the currently logged in user.
Include UserProfile and DefaultProject in your fetch and any other fields on Project, Workspace, WorkspaceConfiguration and UserProfile objects and you should be able to get most of the info you're looking for.
If you're using SDK 2 some of this information is already available in the current context:
Rally.environment.getContext().getUser();
Here is the scenario. I have two objects Users (with username/password) and UserInfo with rest of the data related to user. The Users is an old table with thousands of records and UserInfo is fairly new. I want to get as much UserInfo as I can when the user first logs in.
I'd like to force user to a custom screen after first login and ask for the UserInfo data. Once I get the "required" data in the new screen, I dont show it till the user voluntarily wants to fill in the data under "Profile".
Since there are multiple entry points to the application, I dont want to update all the controllers to check for this.
Is there a way I can use a Spring Security filter or something which is executed on successful login? I had a look at ApplicationListener<AuthenticationSuccessEvent> but it doesnt solve the problem as if I copy paste the link in the browser, it lets me go ahead to the destination without asking for "extra information".
In a nutshell, I want a check after each login which, if fails, user is not allowed to enter the application. No matter how he tries to get in.
In your Config.groovy, configure Spring Security's defaultTargetUrl and tell it to always redirect there:
grails.plugins.springsecurity.successHandler.alwaysUseDefault = true
grails.plugins.springsecurity.successHandler.defaultTargetUrl = '/userInfo/edit'
In your UserInfoController's edit action, you can check that the required fields are present (userInfo.validate() perhaps?) and if they are, redirect to wherever you like, perhaps '/', otherwise render the edit info view.
You can adopt what #doelleri proposed and enhance the rule by those steps:
run a batch task to assign a temporary ROLE_DISABLED role to each user who does not provide supplemental information yet. If the user already had some roles, save them in some property.
setup your authorization rule as that users with ROLE_DISABLED role only allowed to access /userInfo/edit.
in /userInfo/edit, if the user has a ROLE_DISABLED role, render the information input view, and resume user's role after it successfully updated its information. Otherwise redirect to '/' or the path it requested.
I'm new to Symfony and PHP (previously worked with C++, Java) and I can't find any solution on how to log user login and logout actions to a database. I want those specific informations:
user who took the action (via userId),
action description (login or logout),
current timestamp.
I'm looking for the simplest possible solution. I managed to successfully log information on user login by modifying function rendering user login form, but I failed miserably when it comes to logout. I know it is a terrible idea after all, but I couldn't come up with any better one. Any suggestions? Thanks in advance.
If you have a look here, it says you can define a success handler and a failure handler which you use to log stuff to your database. You can also find the handler parameters defined in the reference documentation.
Login
You would first create a service which get's the security.context and entityManager as parameters and uses both to determine which user logged in. This service is then added to the success_handler parameter and therefor called after the user logs in.
Logout
This one is more tricky I guess, as I would assume that the security.context has no information about the user anymore and you cannot use it to determine which user is logging out. You may want to look into what the handlers parameter actually is. It might be a handler which is called while processing the logout, so you could use it. Of course you might log some logouts which fail because without the success handler you cannot be sure the logout was successfull. On the other hand, maybe you can get the session id from somewhere (again, security.context maybe) and log this instead.
Has anyone successfully implemented the Google Identity Toolkit, an implementation of an Account Chooser. I followed the initial steps here, but I still have a few questions, as I don't quite know how to handle the entire data flow. I'm using Clojure / Compojure in the back-end:
http://havethunk.wordpress.com/2011/08/10/google-identity-toolkit-asp-net-mvc3/
http://code.google.com/apis/identitytoolkit/v1/acguide.html
A) don't quite understand how ID Provider authentication, fits into my data model
when implementing the callbackURL, what data should I expect, and
how's that session state managed by GITkit (and all Account Choosers)
B) Is there a way to set this up the 'callbackURL' for development.
the identity provider would need a URL that it can redirect back to
C) How can the GITkit / Account Chooser workflow let my users register an account that's native to my app?
Thanks in advance
The questions aren't entirely clear, but I've done an implementation of GITkit in ruby and can give you some pointers.
A) The callback URL is what handles the assertion from the identity providers. Rightnow GITKit only does OpenID, so the URL will contain an OpenID response either in the query parameters or as the POST body. You'll need to do a few things:
1) Call verifyAssertion in the gitkit API and pass the params/post body. This will return a JSON response that contains the user details (assuming assertion is valid). There are some other checks you should do as well
2) Decide what to do with the assertion. If it is an existing user, most likely you'll just establish a session and save the user ID. If it's a new user, you can either create a new account and start a session immediately, or defer that and redirect them to a signup page.
3) Render HTML/JS to notify the widget. There are different status codes and data you can return that changes the flow.
GITKit itself doesn't really manage session state, that's up to your app. Some of the reference implementations have code to help, but it's not part of the API. The widget does have some state that you can control with JS (add account, show as logged in, etc) and uses local storage in the browser.
The docs give some details and example code for how this should be implemented.
B) Of course. The URL is just configured in the javascript widget when you call setConfig() It can be set to localhost or any staging server for development. So long as your browser can reach it you're OK.
C) By "native", I assume you mean where they're signing up with just a username/password instead of using an IDP. If so, the user just has to enter their email address when logging in. If that email address matches a known IDP it'll attempt to authenticate with OpenID, otherwise if it's a new user it'll redirect to whatever signup page you configured in the widget. That signup page would just ask the user to create a password like you normally would. You should also return whether or not accounts are 'legacy' (password) accounts in the userStatus checks.
Hope that helps.
For anyone's future reference. I was able to resolve the issue. You can follow this thread of how's it's done in Clojure.
I got it working with Ring/Compojure, and another fellow showed me his solution in Webnoir.
HTH