4 Replies Latest reply on Feb 3, 2014 12:52 PM by pete_freitag

    How to access HttpSession and/or HttpRequest Scopes from CF

    gr8white Level 1

      I've been given a task to integrate a CF application with an authentication process that is Java-based.  We have been provided with a set of filters that are key to this process.  According to the documentation

       

      "...each of the filters places an EntRegSSOToken object into the HttpSession and HttpRequest contexts for use by the integrating application code.  The EntRegSSOToken object is the key integration point for an integrating application.  The requestor’s eReg identity should be obtained from this object.  Below is a small snippet of code showing how an application can determine the requestor’s eReg identity."

       

      (EntRegSSOToken is a class contained in a provided .jar file.)

       

      Here's the sample code snippet:

       

      String eRegUserId = null;

      EntRegSSOToken entRegSSOToken = null;

      entRegSSOToken = (EntRegSSOToken) session.getAttribute(EntRegSSOToken.REQUEST_KEY);

      if(entRegSSOToken != null)  {

             if(entRegSSOToken.isNewUserLoggedIn())  {

                    // code to handle a user that logged out elsewhere and logged in as

                    // a different user.  Typically, all data stored in session context

                    // for the previous user needs to be cleaned up and initialization

                    // done for the newly logged in user.

                    eRegUserId = entRegSSOToken.getUserId();

             } else if(entRegSSOToken.isExpired() {

                    // code here to handle an expired session.  This should not happen

                    // since the session filter should handle it.

             } else  {

                    eRegUserId = entRegSSOToken.getUserId();

             }

      }

       

      If(eRegUserId == null)  {

      // code here to handle a non-logged in user

      } else  {

             // code here to handle a logged in user

      }

       

      I was hoping I might be able to access this token using ColdFusion but I don't have a clue as to how to go about that.  I think maybe the GetPageContext() function might provide the key but I haven't been able to determine just how I would leverage that.  If anyone could provide any insight as to how I could leverage that function (or any other means) to provide the functionality in the example it would be greatly appreciated.

       

      Thanks,

      Ken

        • 1. Re: How to access HttpSession and/or HttpRequest Scopes from CF
          BKBK Adobe Community Professional & MVP

          That is possible. Your ColdFusion version?

          • 2. Re: How to access HttpSession and/or HttpRequest Scopes from CF
            gr8white Level 1

            BKBK, thanks for your interest.  The version as reported in CF Administrator is 9,0,0,251028.

             

            Ken

            • 3. Re: How to access HttpSession and/or HttpRequest Scopes from CF
              pete_freitag Adobe Community Professional

              You can get to the HttpRequest via getPageContext().getRequest() and HttpSession using getPageContext().getRequest().getSession()  You need to know the value of EntRegSSOToken.REQUEST_KEY in order to read the object from the session object. In order to do that from CF you will need the full class name including the package, eg com.example.packagename.EntRegSSOToken, so your code in CF might look like this:             etc.       

              • 4. Re: How to access HttpSession and/or HttpRequest Scopes from CF
                pete_freitag Adobe Community Professional

                Sorry my code was stripped out, try something like this (using cfscript):

                 

                 

                entRegSSOToken = createObject("java", "com.example.something.EntRegSSOToken");

                request_key = entRegSSOToken.REQUEST_KEY;

                entRegSSOToken = getPageContext().getRequest().getSession().getAttribute(request_key);

                if(NOT IsNull(entRegSSOToken))  {

                       if(entRegSSOToken.isNewUserLoggedIn())  {

                              // code to handle a user that logged out elsewhere and logged in as

                              // a different user.  Typically, all data stored in session context

                              // for the previous user needs to be cleaned up and initialization

                              // done for the newly logged in user.

                              eRegUserId = entRegSSOToken.getUserId();

                       } else if(entRegSSOToken.isExpired() {

                              // code here to handle an expired session.  This should not happen

                              // since the session filter should handle it.

                       } else  {

                              eRegUserId = entRegSSOToken.getUserId();

                       }

                }