1

I use UserService to manage my registrations (Federated and OAuth - Hybrid). I use User.getCurrentUser inside of the app at "various" places (non-servlets too) to determine who the current user is.

I am giving out my API to allow users to call few methods which uses getCurrentUser. I can add a filter and control my authentication but I cannot force UserService to login a user which can be used in the rest of the app - User.getCurrentUser.

I am stumped and am not sure how to continue at this point.

Please help.

RocketDonkey
  • 36,383
  • 7
  • 80
  • 84
cloudpre
  • 1,001
  • 2
  • 15
  • 28

1 Answers1

2

If you redirect to the createLoginURL method, it will force the user to signin.

You have to wrap your getCurrentUser() API method to detect if it sees a null user and force a login in that case.

like:

UserService userService = UserServiceFactory.getUserService();
User user = userService.getCurrentUser();
if (user == null) {
  session.setAttribute("isLoggedIn", true);
  session.setAttribute("authenticatingSite", "google");
  try {
    response.sendRedirect(userService.createLoginURL(redirectURLAfterLogin);
mipe34
  • 5,596
  • 3
  • 26
  • 38
shivbits
  • 101
  • 1
  • 5