--047d7b10d01dfc417c04ddb514a2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Hi,
I apologize for the state of the internal documentation.
If someone is willing to contribute documentation to the repository, both I
and the community will be very grateful! The procedure for this is to clone
the repository in github, add the documentation to the "docs" subdirectory,
and then issue a "pull" request.
Lincoln
On Fri, May 24, 2013 at 5:48 AM, Michael Dondrup
Post by unknown=pod
Dear Ryan,
thank you so much for the source code. I have implemented a solution based
on the code
found in your authentication module, and it worked! In the end, it turned
out that I was
failing to set the session cookie, something that one has to do yourself
if one attempts authentication
outside of the ordinary GBrowse control flow. I must admit that this was
kinda stupid mistake.
For the sake of adding to the developer documentation - I found that
GBrowse could really need some
improvement of the internal code documentation, there is hardly anything -
I wish to provide a
little more detail about my setting and code.
I am implementing SAML based authentication for our local GBrowse
installation. This setting is very similar to
described by Ryan. The authentication is provided by a SAML Identity
provider (IdP) for single sign-on,
in this case simpleSAMLphp.
When a restricted resource is encountered, the authentication plugin
redirects to the IdP, which maintains its
own session with the client. After a successful login at the IdP, the IdP
sends an encrypted message with the
credentials to GBrowse, this can be done via different mechanisms, but in
this case the message is sent via
HTTP POST. The receiver (Net::SAML in this case) decrypts the message and
returns the user credentials.
In some settings (mod_fcgid) I had experienced problems with sudden
crashes (e.g. sig_pipe) of the
receiving process. For reasons I have to further investigate, crashes
occur if
I just let the gbrowse cgi script receive the post message and dispatch it
to the
authentication plugin.
In order not to mess with the original gbrowse cgi, I implemented another
cgi script as a receiver of the post data. Using my own script to
initialize the session and authenticate
the users also means that I am totally responsible for setting the session
up correctly. One of the things
that need to be done in this case is to generate the session cookie, this
is not necessary if one is implementing
the authentication through the plugin because gbrowse will handle setting
the cookie.
As a result, the complete sequence of commands to initialize a session
with an external perl script
and load the interface with the user logged in, (given _parse_saml() is a
function returning some credentials)
is given below for completeness.
=cut
#!/usr/bin/env perl
use strict;
use warnings;
use Bio::Graphics::Browser2;
Bio::Graphics::Browser2::UserDB;
use CGI::Fast qw(:standard);
use CGI::Cookie;
use JSON;
my $DEBUG = 1;
my $myurl = "http://localhost/fgb2/gbrowse/yeast"; # or whatever to load
while (my $q = CGI::Fast->new) {
my ($userid, $displayName, $email) = (_parse_saml());
if ($userid) {
my $globals = Bio::Graphics::Browser2->open_globals;
my $userdb = Bio::Graphics::Browser2::UserDB->new($globals);
## get the session
my $session = $globals->session;
my $sessionid = $session->id;
## set the username for the session
$session->username($userid);
$session->flush();
## check if the user exists already
my $confirmedUserId = $userdb->userid_from_username($userid);
if ( $confirmedUserId eq "") {
print STDERR "User $userid does not yet exist; will create.\n" if
$DEBUG;
print STDERR "Flushed session. Will now create user using
session.\n" if $DEBUG;
my ($status,undef,$message) =
$userdb->do_add_user($userid,$email,$displayName,'dummy-password',$sessionid);
print STDERR "Results from do_add_user: Status: $status\n" if
$DEBUG;
print STDERR "Results from do_add_user: Message: $message\n" if
$DEBUG;
$userdb->set_confirmed_from_username($userid);
print STDERR "User set as confirmed.\n" if $DEBUG;
## set the full name, but only once
$userdb->set_fullname_from_username($userid, $displayName,
$email) if $displayName;
} else {
print STDERR "Found existing user with ID: $confirmedUserId so
skipping creation.\n" if $DEBUG;
}
## now generate the html page that will initialize the session
my $cookie = CGI::Cookie->new(-name => 'gbrowse_sess',
-path => '/fgb2/',
-expires => '+1M',
-value => $sessionid);
my $result = to_json { userOK => 1,
sessionid => $sessionid,
username => $username,
message => 'login ok',
};
## import required javascript functions
my $htmlhead = <<HTML
<script src="gbrowse2/js/login.js" type="text/javascript"></script>
<script src="/gbrowse2/js/controller.js" type="text/javascript"></script>
HTML
;
print header(-type=>"text/html", -cookie=>$cookie);
print start_html(-head=>$htmlhead);
print script({-type=>'text/javascript'},
<<SCRIPT
var p = $result;
login_load_account("$myurl", p);
SCRIPT
);
print end_html();
} else {
die "I should never receive invalid userid from external IdP";
}
sub _parse_saml {
}
__END__
This script should generate a page setting the session cookie, and the
javascript that loads the
gbrowse session. Hope this is useful in the future.
Best
Michael
Post by Ryan DohertyHi Micheal,
I'm not on the GBrowse team, but have been trying to do a similar thing,
with success. Let me tell you what I've done and maybe you can take the
pieces of it you need.
We have a system which establishes a session separate from gbrowse; when
a user logged into that system, I wanted to "automatically" log the user
into his corresponding gbrowse account (i.e. log in to both systems
simultaneously). Also, if the user exists in our main system, but does
NOT exist in gbrowse (yet), we wanted to be able to create a new account
for him on the fly. It is working; however I'm still working on some
details regarding configuration and postgres support on the backend.
1. Our system's login process (java on tomcat) sets a custom cookie on
the client for our main system, which contains the userid and a
checksum, and then redirects to a stand-alone HTML page, passing along a
URL that the user will eventually be redirected to.
2. The HTML page loads javascript that submits the information in the
cookie (via AJAX) as the username and "password" to gbrowse.
3. A custom gbrowse authentication plugin connects to a web service,
asking if the username and checksum are valid and retrieving the user's
email and display name if so.
4. If the creds are valid, the plugin looks to see if the user exists in
gbrowse (i.e. has a gbrowse account), and creates one if not,
establishing a session for the new user.
5. The 'authority' value (which confirms the login was successful), is
returned to the client, where a second AJAX call uses it to request the
user's session ID.
6. The gbrowse session ID and auth ID are returned to the client, where
more javascript sets them as normal gbrowse session cookies.
7. The user is redirected to the URL originally passed to the standalone
HTML page.
At the end of this process, both our system's normal login cookie, and
the needed gbrowse cookies are set on the client, so the user can visit
a gbrowse page and is already logged in. We never display the
Login/Account/Logout links in gbrowse itself (hidden with CSS).
Instead, we have a logout link for our whole system which expires not
only our normal cookie, but the gbrowse cookies as well. Obviously,
this requires our regular system and gbrowse to share a domain, and
there are a few other details I'm glossing over.
The thing that might help you out the most is the authentication plugin,
https://www.cbil.upenn.edu/svn/apidb/ApiCommonShared/branches/gbrowse_login/Model/lib/gbrowse/plugins/WdkSessionAuthenticator.pm
Post by Ryan DohertyIf you're interested in the javascript that creates the session, let me
know and I'll point it to you. I had to make some modifications to
functions in controller.js and login.js. As I said, I'm not an expert
and don't know everything about how gbrowse maintains its sessions, but
I'll answer any questions you have the best I can.
Ryan
Dear Gbrowse list,
I have, with a little desperation, started to search look for
documentation on the Gbrowse2 Session module. In particular, I am
Post by Ryan Dohertyinterested in how to *correctly* initialize and build up a Gbrowse
session which is fully authorized for a user. Let's assume the
Post by Ryan Dohertytask is to: write a cgi script (in addition to the gbrowse cgi) to
initialize a gbrowse session with an authenticated user, such that in
Post by Ryan Dohertythe next invocation of gbrowse, the user is authenticated and logged in.
I found by reading through the source code and reverse
engineering a sequence of commands that will *almost* get me there. I
- the example code below works in case I already have a Gbrowse session
- the example doesn't work when there is no session at all, because
subsequent calls to gbrowse make a new session which then is not
authenticated.
Post by Ryan DohertySo, what is the correct way to initialize a Gbrowse2 Session
programmatically? Am I missing something.
Post by Ryan DohertyI'd really appreciate your help, because now I am definitely stuck.
Michael Dondrup
Postdoctoral fellow
Sea Lice Research Centre/Department of Informatics
University of Bergen
Thormøhlensgate 55, N-5008 Bergen,
Norway
#!/usr/bin/env perl
use strict;
use warnings;
use Net::SAML;
use CGI::Fast qw(:standard);
use Bio::Graphics::Browser2;
use Bio::Graphics::Browser2::Render::HTML;
while (my $q = CGI::Fast->new) {
my $username ="valid user";
# it's not really important where this comes from,
# the user information is coming from an authentication module using
Net::SAML
Post by Ryan Dohertymy $fullname = "Fully Valid";
if ($username) {
my $p = "https://url";
my $myurl = "https://url/gbrowse/lsalmonis/";
my $htmlhead = <<HTML
<script src="$p/gbrowse2/js/login.js" type="text/javascript"></script>
<script src="$p/gbrowse2/js/controller.js"
type="text/javascript"></script>
Post by Ryan DohertyHTML
;
## get the session and initialize it
my $session = $render->session;
$session->lock();
$session->username($username);
$session->flush;
my $userdb = $render->userdb;
my $id =
$userdb->check_or_add_named_session($session->id,$username);
Post by Ryan Doherty$userdb->set_fullname_from_username($username=>$fullname,$mail)
if defined $fullname;
Post by Ryan Dohertywarn "username ".$session->username. " stored in session
".$session->id();
Post by Ryan Doherty# now authenticate
my ($sid, $nonce) = $render->authorize_user($username,$id,
1,undef);
$render->user_authorized_for_source($username);
Post by Ryan Doherty## prepare for JavaScript invocation
## seems like the final step is to invoke login_load_account to
make the UI aware of the login
Post by Ryan Doherty# convert the login data to json
my $result = to_json { userOK => 1,
sessionid => $id,
username => $username,
message => 'login ok',
};
## print an intermediate web page to invoke javascript
print header(-type=>"text/html");
print start_html(-head=>$htmlhead);
print b("user $username". (($is_authorized)?" is ": "is
not ") . "authorized!");
Post by Ryan Dohertyprint script({-type=>'text/javascript'},
<<SCRIPT
var p = $result;
login_load_account("$myurl",p);
SCRIPT
);
$session->unlock();
print end_html();
}
------------------------------------------------------------------------------
Post by Ryan DohertyLearn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Gmod-gbrowse mailing list
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
------------------------------------------------------------------------------
Post by Ryan DohertyLearn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Gmod-gbrowse mailing list
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Gmod-gbrowse mailing list
https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse
--
Lincoln D. Stein
Director, Informatics and Biocomputing Platform
Ontario Institute for Cancer Research
101 College St., Suite 800
Toronto, ON, Canada M5G0A3
416 673-8514
Assistant: Renata Musa <***@oicr.on.ca>
--047d7b10d01dfc417c04ddb514a2
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable <div dir="ltr">Hi,<div><br></div><div>I apologize for the state of the internal documentation.</div><div><br></div><div>If someone is willing to contribute documentation to the repository, both I and the community will be very grateful! The procedure for this is to clone the repository in github, add the documentation to the "docs" subdirectory, and then issue a "pull" request.</div> <div><br></div><div style>Lincoln</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, May 24, 2013 at 5:48 AM, Michael Dondrup <span dir="ltr"><<a href="mailto:***@ii.uib.no" target="_blank">***@ii.uib.no</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">=pod<br>
<br>
Dear Ryan,<br>
<br>
thank you so much for the source code. I have implemented a solution based on the code<br>
found in your authentication module, and it worked! In the end, it turned out that I was<br>
failing to set the session cookie, something that one has to do yourself if one attempts authentication<br>
outside of the ordinary GBrowse control flow. I must admit that this was kinda stupid mistake.<br>
<br>
For the sake of adding to the developer documentation - I found that GBrowse could really need some<br>
improvement of the internal code documentation, there is hardly anything - I wish to provide a<br>
little more detail about my setting and code.<br>
<br>
I am implementing SAML based authentication for our local GBrowse installation. This setting is very similar to<br>
described by Ryan. The authentication is provided by a SAML Identity provider (IdP) for single sign-on,<br>
in this case simpleSAMLphp.<br>
When a restricted resource is encountered, the authentication plugin redirects to the IdP, which maintains its<br>
own session with the client. After a successful login at the IdP, the IdP sends an encrypted message with the<br>
credentials to GBrowse, this can be done via different mechanisms, but in this case the message is sent via<br>
HTTP POST. The receiver (Net::SAML in this case) decrypts the message and returns the user credentials.<br>
<br>
In some settings (mod_fcgid) I had experienced problems with sudden crashes (e.g. sig_pipe) of the<br>
receiving process. For reasons I have to further investigate, crashes occur if<br>
I just let the gbrowse cgi script receive the post message and dispatch it to the<br>
authentication plugin.<br>
<br>
In order not to mess with the original gbrowse cgi, I implemented another<br>
cgi script as a receiver of the post data. Using my own script to initialize the session and authenticate<br>
the users also means that I am totally responsible for setting the session up correctly. One of the things<br>
that need to be done in this case is to generate the session cookie, this is not necessary if one is implementing<br>
the authentication through the plugin because gbrowse will handle setting the cookie.<br>
<br>
As a result, the complete sequence of commands to initialize a session with an external perl script<br>
and load the interface with the user logged in, (given _parse_saml() is a function returning some credentials)<br>
is given below for completeness.<br>
<br>
=cut<br>
<div class="im"><br>
#!/usr/bin/env perl<br>
use strict;<br>
use warnings;<br>
</div>use Bio::Graphics::Browser2;<br>
Bio::Graphics::Browser2::UserDB;<br>
<div class="im">use CGI::Fast qw(:standard);<br>
</div>use CGI::Cookie;<br>
use JSON;<br>
my $DEBUG = 1;<br>
<br>
my $myurl = "<a href="http://localhost/fgb2/gbrowse/yeast" target="_blank">http://localhost/fgb2/gbrowse/yeast</a>"; # or whatever to load<br>
<div class="im"><br>
while (my $q = CGI::Fast->new) {<br>
</div> my ($userid, $displayName, $email) = (_parse_saml());<br>
if ($userid) {<br>
my $globals = Bio::Graphics::Browser2->open_globals;<br>
my $userdb = Bio::Graphics::Browser2::UserDB->new($globals);<br>
## get the session<br>
my $session = $globals->session;<br>
my $sessionid = $session->id;<br>
## set the username for the session<br>
$session->username($userid);<br>
$session->flush();<br>
## check if the user exists already<br>
my $confirmedUserId = $userdb->userid_from_username($userid);<br>
if ( $confirmedUserId eq "") {<br>
print STDERR "User $userid does not yet exist; will create.\n" if $DEBUG;<br>
print STDERR "Flushed session. Will now create user using session.\n" if $DEBUG;<br>
my ($status,undef,$message) = $userdb->do_add_user($userid,$email,$displayName,'dummy-password',$sessionid);<br>
print STDERR "Results from do_add_user: Status: $status\n" if $DEBUG;<br>
print STDERR "Results from do_add_user: Message: $message\n" if $DEBUG;<br>
$userdb->set_confirmed_from_username($userid);<br>
print STDERR "User set as confirmed.\n" if $DEBUG;<br>
## set the full name, but only once<br>
$userdb->set_fullname_from_username($userid, $displayName, $email) if $displayName;<br>
} else {<br>
print STDERR "Found existing user with ID: $confirmedUserId so skipping creation.\n" if $DEBUG;<br>
}<br>
<br>
## now generate the html page that will initialize the session<br>
## start with the session cookie:<br>
my $cookie = CGI::Cookie->new(-name => 'gbrowse_sess',<br>
-path => '/fgb2/',<br>
-expires => '+1M',<br>
-value => $sessionid);<br>
<br>
? ? ? ## some JSON data is required for calling the java script:<br> <div class="im">? ? ? ?my $result = to_json { userOK ?=> 1,<br> </div>� � � � � � � � � sessionid => $sessionid,<br> <div class="im"> username => $username,<br>
message => 'login ok',<br>
};<br>
</div> ## import required javascript functions<br>
my $htmlhead = <<HTML<br>
<script src="gbrowse2/js/login.js" type="text/javascript"></script><br>
<script src="/gbrowse2/js/controller.js" type="text/javascript"></script><br>
HTML<br>
;<br>
<br>
print header(-type=>"text/html", -cookie=>$cookie);<br>
� �print start_html(-head=>$htmlhead);<br> <div class="im"> print script({-type=>'text/javascript'},<br>
<<SCRIPT<br>
var p = $result;<br>
login_load_account("$myurl", p);<br>
SCRIPT<br>
);<br>
</div> print end_html();<br>
} else {<br>
die "I should never receive invalid userid from external IdP";<br>
}<br>
<br>
sub _parse_saml {<br>
## return some dummy data, this part is a bit simplyfied:<br>
return ('joe', 'joe user', '<a href="mailto:***@user.org">***@user.org</a>');<br>
}<br>
<br>
__END__<br>
<br>
This script should generate a page setting the session cookie, and the javascript that loads the<br>
gbrowse session. Hope this is useful in the future.<br>
<br>
Best<br>
Michael<br>
<div><div class="h5"><br>
On May 8, 2013, at 6:01 PM, Ryan Doherty wrote:<br>
<br>
> Hi Micheal,<br>
><br>
> I'm not on the GBrowse team, but have been trying to do a similar thing,<br>
> with success. Let me tell you what I've done and maybe you can take the<br>
> pieces of it you need.<br>
><br>
> We have a system which establishes a session separate from gbrowse; when<br>
> a user logged into that system, I wanted to "automatically" log the user<br>
> into his corresponding gbrowse account (i.e. log in to both systems<br>
> simultaneously). Also, if the user exists in our main system, but does<br>
> NOT exist in gbrowse (yet), we wanted to be able to create a new account<br>
> for him on the fly. It is working; however I'm still working on some<br>
> details regarding configuration and postgres support on the backend.<br>
><br>
> Here's how it works:<br>
><br>
> 1. Our system's login process (java on tomcat) sets a custom cookie on<br>
> the client for our main system, which contains the userid and a<br>
> checksum, and then redirects to a stand-alone HTML page, passing along a<br>
> URL that the user will eventually be redirected to.<br>
> 2. The HTML page loads javascript that submits the information in the<br>
> cookie (via AJAX) as the username and "password" to gbrowse.<br>
> 3. A custom gbrowse authentication plugin connects to a web service,<br>
> asking if the username and checksum are valid and retrieving the user's<br>
> email and display name if so.<br>
> 4. If the creds are valid, the plugin looks to see if the user exists in<br>
> gbrowse (i.e. has a gbrowse account), and creates one if not,<br>
> establishing a session for the new user.<br>
> 5. The 'authority' value (which confirms the login was successful), is<br>
> returned to the client, where a second AJAX call uses it to request the<br>
> user's session ID.<br>
> 6. The gbrowse session ID and auth ID are returned to the client, where<br>
> more javascript sets them as normal gbrowse session cookies.<br>
> 7. The user is redirected to the URL originally passed to the standalone<br>
> HTML page.<br>
><br>
> At the end of this process, both our system's normal login cookie, and<br>
> the needed gbrowse cookies are set on the client, so the user can visit<br>
> a gbrowse page and is already logged in. We never display the<br>
> Login/Account/Logout links in gbrowse itself (hidden with CSS).<br>
> Instead, we have a logout link for our whole system which expires not<br>
> only our normal cookie, but the gbrowse cookies as well. Obviously,<br>
> this requires our regular system and gbrowse to share a domain, and<br>
> there are a few other details I'm glossing over.<br>
><br>
> The thing that might help you out the most is the authentication plugin,<br>
> which lives (for now) here:<br>
><br>
> <a href="https://www.cbil.upenn.edu/svn/apidb/ApiCommonShared/branches/gbrowse_login/Model/lib/gbrowse/plugins/WdkSessionAuthenticator.pm" target="_blank">https://www.cbil.upenn.edu/svn/apidb/ApiCommonShared/branches/gbrowse_login/Model/lib/gbrowse/plugins/WdkSessionAuthenticator.pm</a><br>
><br>
> If you're interested in the javascript that creates the session, let me<br>
> know and I'll point it to you. I had to make some modifications to<br>
> functions in controller.js and login.js. As I said, I'm not an expert<br>
> and don't know everything about how gbrowse maintains its sessions, but<br>
> I'll answer any questions you have the best I can.<br>
><br>
> Ryan<br>
><br>
><br>
> On 5/7/13 7:31 AM, Michael Dondrup wrote:<br>
>> Dear Gbrowse list,<br>
>><br>
>> I have, with a little desperation, started to search look for documentation on the Gbrowse2 Session module. In particular, I am<br>
>> interested in how to *correctly* initialize and build up a Gbrowse session which is fully authorized for a user. Let's assume the<br>
>> task is to: write a cgi script (in addition to the gbrowse cgi) to initialize a gbrowse session with an authenticated user, such that in<br>
>> the next invocation of gbrowse, the user is authenticated and logged in.<br>
>><br>
>> I found by reading through the source code and reverse<br>
>> engineering a sequence of commands that will *almost* get me there. I am seemingly missing one step only:<br>
>> - the example code below works in case I already have a Gbrowse session<br>
>> - the example doesn't work when there is no session at all, because subsequent calls to gbrowse make a new session which then is not authenticated.<br>
>><br>
>> So, what is the correct way to initialize a Gbrowse2 Session programmatically? Am I missing something.<br>
>><br>
>> I'd really appreciate your help, because now I am definitely stuck.<br>
>><br>
>><br>
>><br>
>> Michael Dondrup<br>
>> Postdoctoral fellow<br>
>> Sea Lice Research Centre/Department of Informatics<br>
>> University of Bergen<br>
>> Thormøhlensgate 55, N-5008 Bergen,<br>
>> Norway<br>
>><br>
>><br>
>> #!/usr/bin/env perl<br>
>><br>
>> use strict;<br>
>> use warnings;<br>
>> use Net::SAML;<br>
>> use CGI::Fast qw(:standard);<br>
>><br>
>> use Bio::Graphics::Browser2;<br>
>> use Bio::Graphics::Browser2::Render::HTML;<br>
>><br>
>> while (my $q = CGI::Fast->new) {<br>
>> my $username ="valid user";<br>
>> # it's not really important where this comes from,<br>
>> # the user information is coming from an authentication module using Net::SAML<br>
>> my $fullname = "Fully Valid";<br>
>> my $mail = "<a href="mailto:***@mail.com">***@mail.com</a>";<br>
>><br>
>> if ($username) {<br>
>><br>
>> my $p = "<a href="https://url" target="_blank">https://url</a>";<br>
>> my $myurl = "<a href="https://url/gbrowse/lsalmonis/" target="_blank">https://url/gbrowse/lsalmonis/</a>";<br>
>> my $htmlhead = <<HTML<br>
>> <script src="$p/gbrowse2/js/login.js" type="text/javascript"></script><br>
>> <script src="$p/gbrowse2/js/controller.js" type="text/javascript"></script><br>
>> HTML<br>
>> ;<br>
>> ## STEP 1:<br>
>> ## get the session and initialize it<br>
>><br>
>> my $session = $render->session;<br>
>> $session->lock();<br>
>> $session->username($username);<br>
>> $session->flush;<br>
>><br>
>> ## STEP 2:<br>
>> ## authorization handling:<br>
>> my $userdb = $render->userdb;<br>
>> my $id = $userdb->check_or_add_named_session($session->id,$username);<br>
>> $userdb->set_fullname_from_username($username=>$fullname,$mail) if defined $fullname;<br>
>> warn "username ".$session->username. " stored in session ".$session->id();<br>
>> # now authenticate<br>
>> my ($sid, $nonce) = $render->authorize_user($username,$id, 1,undef);<br>
>> my $is_authorized = $render->user_authorized_for_source($username);<br>
>><br>
>> ## STEP 3:<br>
>> ## prepare for JavaScript invocation<br>
>> ## seems like the final step is to invoke login_load_account to make the UI aware of the login<br>
>><br>
>> # convert the login data to json<br>
>> my $result = to_json { userOK => 1,<br>
>> sessionid => $id,<br>
>> username => $username,<br>
>> message => 'login ok',<br>
>> };<br>
>><br>
>> ## STEP 5:<br>
>> ## print an intermediate web page to invoke javascript<br>
>> print header(-type=>"text/html");<br>
>> print start_html(-head=>$htmlhead);<br>
>> print b("user $username". (($is_authorized)?" is ": "is not ") . "authorized!");<br>
>> print script({-type=>'text/javascript'},<br>
>> <<SCRIPT<br>
>> var p = $result;<br>
>> login_load_account("$myurl",p);<br>
>> SCRIPT<br>
>> );<br>
>> $session->unlock();<br>
>> print end_html();<br>
>> }<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> ------------------------------------------------------------------------------<br>
>> Learn Graph Databases - Download FREE O'Reilly Book<br>
>> "Graph Databases" is the definitive new guide to graph databases and<br>
>> their applications. This 200-page book is written by three acclaimed<br>
>> leaders in the field. The early access version is available now.<br>
>> Download your free book today! <a href="http://p.sf.net/sfu/neotech_d2d_may" target="_blank">http://p.sf.net/sfu/neotech_d2d_may</a><br>
>> _______________________________________________<br>
>> Gmod-gbrowse mailing list<br>
>> <a href="mailto:Gmod-***@lists.sourceforge.net">Gmod-***@lists.sourceforge.net</a><br>
>> <a href="https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse" target="_blank">https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse</a><br>
><br>
><br>
> ------------------------------------------------------------------------------<br>
> Learn Graph Databases - Download FREE O'Reilly Book<br>
> "Graph Databases" is the definitive new guide to graph databases and<br>
> their applications. This 200-page book is written by three acclaimed<br>
> leaders in the field. The early access version is available now.<br>
> Download your free book today! <a href="http://p.sf.net/sfu/neotech_d2d_may" target="_blank">http://p.sf.net/sfu/neotech_d2d_may</a><br>
> _______________________________________________<br>
> Gmod-gbrowse mailing list<br>
> <a href="mailto:Gmod-***@lists.sourceforge.net">Gmod-***@lists.sourceforge.net</a><br>
> <a href="https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse" target="_blank">https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse</a><br>
<br>
<br>
</div></div>------------------------------------------------------------------------------<br>
Try New Relic Now & We'll Send You this Cool Shirt<br>
New Relic is the only SaaS-based application performance monitoring service<br>
that delivers powerful full stack analytics. Optimize and monitor your<br>
browser, app, & servers with just a few lines of code. Try New Relic<br>
and get this awesome Nerd Life shirt! <a href="http://p.sf.net/sfu/newrelic_d2d_may" target="_blank">http://p.sf.net/sfu/newrelic_d2d_may</a><br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
Gmod-gbrowse mailing list<br>
<a href="mailto:Gmod-***@lists.sourceforge.net">Gmod-***@lists.sourceforge.net</a><br>
<a href="https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse" target="_blank">https://lists.sourceforge.net/lists/listinfo/gmod-gbrowse</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Lincoln D. Stein<br>Director, Informatics and Biocomputing Platform<br>Ontario Institute for Cancer Research<br>101 College St., Suite 800<br>Toronto, ON, Canada M5G0A3<br>
416 673-8514<br>Assistant: Renata Musa <<a href="mailto:***@oicr.on.ca">***@oicr.on.ca</a>>
</div>
--047d7b10d01dfc417c04ddb514a2--