Topic
7 replies Latest Post - ‏2008-07-18T04:39:04Z by SystemAdmin
SystemAdmin
SystemAdmin
30895 Posts
ACCEPTED ANSWER

Pinned topic Dynamic adding of the user to the Group

‏2008-07-10T10:06:00Z |
Hi,

I am adding the user to a separate group only after the login through code(PUMA SPI, addTOGroup). Say a normal user is added to admin group, the admin tab is not reflected after login.. Why is it so? And is there a way to achieve this?

I am basically doing the following things,

1) Calling the loginservice.login method for login
2) In doPostLogin method i am redirecting to a user defined JSP page which has nothing ( i.e a blank page ).
3) From there i am forcefully submitting and taking it to action class and performing PUMA SPI, addToGroup function. ( Here I added a normal user to wpsadmins group )
4) And from there, I am redirecting to user defined home page( a JSP page).
But the admin tab was not present. He was logged in as normal user only :( When I log out and login, the admin tab appears. Is there a way for this(change which i do in groups adding/removal of members) to be refleced while login itself?
Thanks in advance,
Surendar
Updated on 2008-07-18T04:39:04Z at 2008-07-18T04:39:04Z by SystemAdmin
  • jwbarnes
    jwbarnes
    3336 Posts
    ACCEPTED ANSWER

    Re: Dynamic adding of the user to the Group

    ‏2008-07-10T11:21:19Z  in response to SystemAdmin
    this has to do with caching, the portal access control is cached upon login, and only gets rebuilt during the next login, unless you set the cache very low so that it times out and is rebuilt while logged in


    IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
    IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

    The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
    • Stefan_Schmitt
      Stefan_Schmitt
      114 Posts
      ACCEPTED ANSWER

      Re: Dynamic adding of the user to the Group

      ‏2008-07-10T13:12:17Z  in response to jwbarnes
      what does drive you to do this change?

      In portal 6.1 I wold write a TAI and enable WAS Group assertion in Portal. Then the TAI can drive the Groups available for this user session.

      the problem you currently see is that Portal Accesscontrol has already computed the access rights and does not update its cache if you add the Group. This would be available with the next login of the user
      • SystemAdmin
        SystemAdmin
        30895 Posts
        ACCEPTED ANSWER

        Re: Dynamic adding of the user to the Group

        ‏2008-07-11T11:00:19Z  in response to Stefan_Schmitt
        Hi Stefan, basically we are changing like this because, we are trying the dynamic member role mapping. One user will be having many profiles which will be changed/mapped accordingly. And we are using portal 6 :(
    • SystemAdmin
      SystemAdmin
      30895 Posts
      ACCEPTED ANSWER

      Re: Dynamic adding of the user to the Group

      ‏2008-07-11T10:56:54Z  in response to jwbarnes
      Jim, which cache i should try enabling or lower the time limit? Can you please tel me that?
      • jwbarnes
        jwbarnes
        3336 Posts
        ACCEPTED ANSWER

        Re: Dynamic adding of the user to the Group

        ‏2008-07-11T11:51:23Z  in response to SystemAdmin
        well the caches are on by default, you could look into this
        cacheinstance.com.ibm.wps.ac.

        in the cachemanagerservice but I am not even sure that will cause the ac to be dumped while you are logged in.


        IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
        IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

        The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM
        • Stefan_Schmitt
          Stefan_Schmitt
          114 Posts
          ACCEPTED ANSWER

          Re: Dynamic adding of the user to the Group

          ‏2008-07-11T14:09:44Z  in response to jwbarnes
          only changing the cache time will not provide you with the solution you want.

          PAC does cache this infomration for the livetime of the user session as well so you will need to login/logout the user to get the change effective.

          In my mind the determination need to be done priot to the authentication of the user. Meaning in the Portal Authentication framework you have to set the group prior to login and then have the user authenticate which means that the PAC call will get the new group information
          • SystemAdmin
            SystemAdmin
            30895 Posts
            ACCEPTED ANSWER

            Re: Dynamic adding of the user to the Group

            ‏2008-07-18T04:39:04Z  in response to Stefan_Schmitt
            Thank you Jim and Stefan. Happy

            @ Stefan : From the idea you suggested, I proceeded with the implementation of JAAS. There I am adding the user to the group(dynamic member mappinig) using PUMA addToGroup method. It worked fine Happy Thank you again a lots to you and as well as to Jim. Happy