AnsweredAssumed Answered

java foundation API authentication unsuccessful

Question asked by reachnjain on Jun 24, 2012
Latest reply on Jun 24, 2012 by mrogers
Hi,

I am new to alfresco and this is my first post. I am developing a simple client for my organization as a demo for using alfresco in real projects in the organization.

I am using java foundation API and I already have some success in uploading and searching files. I can login too.

Now the question is this -

Once i login through my client, I am unable to logout. Also, once I login in one browser using my client app, I can open my app in another browser and can upload files without login.

My code is as follows -


@Override
   public String authenticate(String username, String password) {
      AuthenticationService authenticationService = serviceRegistry
            .getAuthenticationService();
      try {

         authenticationService
               .authenticate(username, password.toCharArray());
         String ticket = authenticationService.getNewTicket();
         authenticationService.validate(ticket);
         LOGGER.info("successful login - " + username);
         return ticket;
      } catch (AuthenticationException ex) {
         throw new AuthenticationFailException(LOGIN_FAILED, ex);
      }

   }

   @Override
   public void logout(String username, String ticket) {
      AuthenticationService authenticationService = serviceRegistry
            .getAuthenticationService();
      try {
//         LOGGER.debug("current ticket(before logout) = " + ticket);

         if (authenticationService.authenticationExists(username)) {
            authenticationService.invalidateTicket(ticket);
            authenticationService.invalidateUserSession(username);
         }
//         LOGGER.debug("Authentication exists after logout ="
//               + authenticationService.authenticationExists(username));
//         LOGGER.debug("current ticket(after logout)"
//               + authenticationService.getCurrentTicket());
      } catch (AuthenticationException e) {
         throw new InvalidSessionException(INVALID_SESSION, e);
      } catch (AuthenticationCredentialsNotFoundException e) {
         throw new InvalidSessionException(INVALID_SESSION, e);
      }
   }

Also, I think there should be some handle for session, so that I can use it in every request I make to alfresco. Am I right?

Note: I know that i m not logged out because even after calling logout function, I can still upload and search files without next login.

One more question.. What is the use of ticket if we can do login and logout just with username and password?

Waiting for replies…. :?

Outcomes