Topic
  • 7 replies
  • Latest Post - ‏2008-07-18T04:39:04Z by SystemAdmin
SystemAdmin
SystemAdmin
30895 Posts

Pinned topic Dynamic adding of the user to the Group

‏2008-07-10T10:06:00Z |
Hi,

I am adding the user to a separate group only after the login through code(PUMA SPI, addTOGroup). Say a normal user is added to admin group, the admin tab is not reflected after login.. Why is it so? And is there a way to achieve this?

I am basically doing the following things,

1) Calling the loginservice.login method for login
2) In doPostLogin method i am redirecting to a user defined JSP page which has nothing ( i.e a blank page ).
3) From there i am forcefully submitting and taking it to action class and performing PUMA SPI, addToGroup function. ( Here I added a normal user to wpsadmins group )
4) And from there, I am redirecting to user defined home page( a JSP page).
But the admin tab was not present. He was logged in as normal user only :( When I log out and login, the admin tab appears. Is there a way for this(change which i do in groups adding/removal of members) to be refleced while login itself?
Thanks in advance,
Surendar
Updated on 2008-07-18T04:39:04Z at 2008-07-18T04:39:04Z by SystemAdmin
  • jwbarnes
    jwbarnes
    3336 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-10T11:21:19Z  
    this has to do with caching, the portal access control is cached upon login, and only gets rebuilt during the next login, unless you set the cache very low so that it times out and is rebuilt while logged in


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
  • Stefan_Schmitt
    Stefan_Schmitt
    114 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-10T13:12:17Z  
    • jwbarnes
    • ‏2008-07-10T11:21:19Z
    this has to do with caching, the portal access control is cached upon login, and only gets rebuilt during the next login, unless you set the cache very low so that it times out and is rebuilt while logged in


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
    what does drive you to do this change?

    In portal 6.1 I wold write a TAI and enable WAS Group assertion in Portal. Then the TAI can drive the Groups available for this user session.

    the problem you currently see is that Portal Accesscontrol has already computed the access rights and does not update its cache if you add the Group. This would be available with the next login of the user
  • SystemAdmin
    SystemAdmin
    30895 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-11T10:56:54Z  
    • jwbarnes
    • ‏2008-07-10T11:21:19Z
    this has to do with caching, the portal access control is cached upon login, and only gets rebuilt during the next login, unless you set the cache very low so that it times out and is rebuilt while logged in


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
    Jim, which cache i should try enabling or lower the time limit? Can you please tel me that?
  • SystemAdmin
    SystemAdmin
    30895 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-11T11:00:19Z  
    what does drive you to do this change?

    In portal 6.1 I wold write a TAI and enable WAS Group assertion in Portal. Then the TAI can drive the Groups available for this user session.

    the problem you currently see is that Portal Accesscontrol has already computed the access rights and does not update its cache if you add the Group. This would be available with the next login of the user
    Hi Stefan, basically we are changing like this because, we are trying the dynamic member role mapping. One user will be having many profiles which will be changed/mapped accordingly. And we are using portal 6 :(
  • jwbarnes
    jwbarnes
    3336 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-11T11:51:23Z  
    Jim, which cache i should try enabling or lower the time limit? Can you please tel me that?
    well the caches are on by default, you could look into this
    cacheinstance.com.ibm.wps.ac.

    in the cachemanagerservice but I am not even sure that will cause the ac to be dumped while you are logged in.


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
  • Stefan_Schmitt
    Stefan_Schmitt
    114 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-11T14:09:44Z  
    • jwbarnes
    • ‏2008-07-11T11:51:23Z
    well the caches are on by default, you could look into this
    cacheinstance.com.ibm.wps.ac.

    in the cachemanagerservice but I am not even sure that will cause the ac to be dumped while you are logged in.


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
    only changing the cache time will not provide you with the solution you want.

    PAC does cache this infomration for the livetime of the user session as well so you will need to login/logout the user to get the change effective.

    In my mind the determination need to be done priot to the authentication of the user. Meaning in the Portal Authentication framework you have to set the group prior to login and then have the user authenticate which means that the PAC call will get the new group information
  • SystemAdmin
    SystemAdmin
    30895 Posts

    Re: Dynamic adding of the user to the Group

    ‏2008-07-18T04:39:04Z  
    only changing the cache time will not provide you with the solution you want.

    PAC does cache this infomration for the livetime of the user session as well so you will need to login/logout the user to get the change effective.

    In my mind the determination need to be done priot to the authentication of the user. Meaning in the Portal Authentication framework you have to set the group prior to login and then have the user authenticate which means that the PAC call will get the new group information
    Thank you Jim and Stefan. Happy

    @ Stefan : From the idea you suggested, I proceeded with the implementation of JAAS. There I am adding the user to the group(dynamic member mappinig) using PUMA addToGroup method. It worked fine Happy Thank you again a lots to you and as well as to Jim. Happy