diff --git a/src/python/dm/common/service/loginController.py b/src/python/dm/common/service/loginController.py
index 662957a9a8a1a2e505f0ae5d81fd176e1dbe64f5..3f2707c5ffe7c4efb8a78b55564abb90956fdffd 100755
--- a/src/python/dm/common/service/loginController.py
+++ b/src/python/dm/common/service/loginController.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 import cherrypy
+import datetime
 import urllib
 from cherrypy.lib import httpauth
@@ -14,6 +15,7 @@ from dm.common.exceptions.invalidSession import InvalidSession
 from dm.common.utility.loggingManager import LoggingManager
 from dm.common.service.dmController import DmController
 from dm.common.service.auth.authorizationPrincipalManager import AuthorizationPrincipalManager
+from dm.common.service.auth.singleSignOnManager import SingleSignOnManager
 class LoginController(DmController):
 """ Controller to provide login and logout actions. """
@@ -21,6 +23,7 @@ class LoginController(DmController):
 SESSION_USERNAME_KEY = '_cp_username'
 SESSION_USER_KEY = 'user'
 SESSION_ROLE_KEY = 'role'
+ ORIGINAL_SESSION_ID_KEY = 'originalid'
 INVALID_SESSION_KEY = 'invalidSession'
 _cp_config = {
@@ -97,6 +100,14 @@ class LoginController(DmController):
 if principal:
 cherrypy.session[LoginController.SESSION_ROLE_KEY] = principal.getRole()
 logger.debug('Successful login from user: %s (role: %s)' % (username, principal.getRole()))
+ # Try adding to SingleSignOnManager
+ sessionId = cherrypy.serving.session.id
+ sessionCache = cherrypy.session.cache
+ sessionInfo = {LoginController.SESSION_ROLE_KEY : principal.getRole()}
+ sessionInfo[LoginController.SESSION_USER_KEY] = principal.getUserInfo()
+ sessionInfo[LoginController.SESSION_USERNAME_KEY] = username
+ ssoManager = SingleSignOnManager.getInstance()
+ ssoManager.addSession(sessionId, sessionInfo)
 else:
 logger.debug('Login denied for user: %s' % username)
 username = cherrypy.session.get(LoginController.SESSION_USERNAME_KEY, None)
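Review bot: The id registered with the SSO manager in the login hunk is whatever `cherrypy.serving.session.id` holds at that moment, and nothing in the hunk rotates it after authentication; unless that happens elsewhere, an id issued before login becomes valid on every service that consults the SSO manager, so calling `cherrypy.session.regenerate()` before reading the id is worth considering. The comment says "Try adding", but `ssoManager.addSession(sessionId, sessionInfo)` has no error handling, so an SSO manager failure aborts a login that has already authenticated; either catch and log it, or reword the comment if failing the login is intended. `sessionCache` is assigned in the added lines and never used there. `sessionInfo` also carries `principal.getUserInfo()`, so confirm that object holds no password hash or other secret before it is handed to a shared store. The enclosing method starts and ends outside the hunk.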
@@ -128,17 +139,37 @@ class LoginController(DmController):
 sessionId = cherrypy.serving.session.id
 sessionCache = cherrypy.session.cache
+ # If session cache does not have current session id, reuse original
+ # session id
+ if not sessionCache.has_key(sessionId) and cherrypy.serving.session.__dict__.has_key(LoginController.ORIGINAL_SESSION_ID_KEY):
+ logger.debug('Reusing original session id: %s' % sessionId)
+ sessionId = cherrypy.serving.session.__dict__.get(LoginController.ORIGINAL_SESSION_ID_KEY)
 #logger.debug('Session: %s' % ((cherrypy.session.__dict__)))
- #logger.debug('Session cache length: %s' % (len(sessionCache)))
+ logger.debug('Session cache length: %s' % (len(sessionCache)))
 #logger.debug('Session cache: %s' % (sessionCache))
 # Check session.
- if not sessionCache.has_key(sessionId):
+ # Try SingleSignOnManager first
+ ssoManager = SingleSignOnManager.getInstance()
+
+ # SSO Manager returns session info
+ sessionInfo = ssoManager.checkSession(sessionId)
+ if not sessionInfo:
+ # Cache has tuple (sessionInfo, updateTime)
+ sessionTuple = sessionCache.get(sessionId)
+ if sessionTuple:
+ sessionInfo = sessionTuple[0]
+ else:
+ logger.debug('Retrieved session %s from SSO Manager' % sessionId)
+ sessionCache[sessionId] = (sessionInfo, datetime.datetime.now())
+
+ if not sessionInfo:
 errorMsg = 'Invalid or expired session id: %s.' % sessionId
 logger.debug(errorMsg)
 raise DmHttpError(dmHttpStatus.DM_HTTP_UNAUTHORIZED, 'User Not Authorized', InvalidSession(errorMsg))
- username = cherrypy.session.get(LoginController.SESSION_USERNAME_KEY)
+ username = sessionInfo.get(LoginController.SESSION_USERNAME_KEY)
+ cherrypy.session[LoginController.SESSION_ROLE_KEY] = sessionInfo[LoginController.SESSION_ROLE_KEY]
 logger.debug('Session id %s is valid (username: %s)' % (sessionId, username))
 if username:
 cherrypy.request.login = username
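Review bot: The cache write `sessionCache[sessionId] = (sessionInfo, datetime.datetime.now())` puts the current time in the second tuple slot; if `cherrypy.session.cache` is CherryPy's RAM session store, that slot is the expiration time, so the entry is already expired when written and the comment `(sessionInfo, updateTime)` would be misleading. An expiry derived from the session timeout, for example `datetime.datetime.now() + datetime.timedelta(minutes=cherrypy.session.timeout)`, would match that layout, but confirm against the session class actually configured. The role is read with `sessionInfo[LoginController.SESSION_ROLE_KEY]` while the username uses `.get`, so a session that has data but no role raises KeyError rather than taking the 401 path; `sessionInfo.get(LoginController.SESSION_ROLE_KEY)` would keep the two consistent. The added debug lines also write full session ids to the log, and 'Reusing original session id' prints the id being replaced because it runs before the reassignment; logging a truncated or hashed id after the assignment keeps a usable credential out of log files. The method body starts and ends outside the hunk.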