The Security Manager contains the updateLoggedOnUser() function, which triggers the Integration event of a Logon Service to update the roles and credentials of a currently logged on user without requiring them to log in again. There are three parameters passed in to this function:
webServiceName the name of the Logon Service to be used to update the user's session.userId the user id of the user whose sessions are to be updated.inParameters an array of arrays containing up to three pairs of parameters. For more information see Logging On and Off.
User details are only updated if an active session exists for the specified user.
An Integration event script needs to handle the updateLoggedOnUser() function. You can use inParameters to indicate that an update is being performed:
var source = fields.PARAM1_SOURCE.value;
var username = fields.PARAM1_VALUE.value;
var password = fields.PARAM2_VALUE.value;
try {
switch (source) {
case "UPDATE":
// This Logon Service event has been called using the updateLoggedOnUser method.
// Don't worry about validating the user details.
break;
case "LOGIN":
default:
// This Logon Service event has been called using the logon method.
// This is the default behaviour of the event.
// Validate the user details
if (!checkUserDetails(username, password)) {
throw new Error("Invalid username or password.");
}
break;
}
// Set the user id
setUserId();
// Populate credentials
populateUserCredentials();
// Populate roles
populateUserRoles();
// Populate authorizations
populateUserAuthorizations();
}
catch (err) {
fields.ERRORCODE.value = "999991";
fields.ERRORDESCRIPTION.value = err.message;
}
You should commit your current transaction before calling updateLoggedOnUser. The Logon Service executes in its own transaction and any changes made within the current transaction will not be visible to the Logon Service until committed.
// The user's roles have been updated in the database
tables.userRoles.updateTable();
// Commit the current database transaction, making the changes visible to the Logon Service
services.transactionManager.commitAndRestartTransaction();
// Call the update method with the current username
system.securityManager.updateLoggedOnUser("myLogonService", system.securityManager.getUserName(), [{"UPDATE", system.securityManager.getUserName()}]);