[jira] [Updated] (ESME-214) Add container-based authentication

Fri, 01 Apr 2011 18:38:47 -0700 

     [ 
https://issues.apache.org/jira/browse/ESME-214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vladimir Ivanov updated ESME-214:
---------------------------------

    Attachment:     (was: ESMELdap_389.properties)

> Add container-based authentication
> ----------------------------------
>
>                 Key: ESME-214
>                 URL: https://issues.apache.org/jira/browse/ESME-214
>             Project: Enterprise Social Messaging Environment (ESME)
>          Issue Type: New Feature
>          Components: Server
>    Affects Versions: 1.3
>            Reporter: Dick Hirsch
>             Fix For: 1.3
>
>         Attachments: cm_login.jsp, jetty-login.properties, pom.xml, 
> server_plain.xml, tomcat-users.xml, web.xml
>
>
> There should be the option of using container-based autnetication.
> Here are some ideas from an old post in the mailing list:
> Been thinking a lot about container based authentication - primarily,
> because of my interest in the CAS integration which is necessary for
> an OFBiz integration (search for OFBizCasAuthenticationHandler.java
> class for details)
> Here a few thoughts.
> in J2EE, the way to get the user is via the following code:
>  java.security.Principal principal = request.getUserPrincipal();
>     if(principal != null) {
>         String username = principal.getName();
>         // usw. usf.
>     }
> If we used the UserPwdAuthModule in UserAuth.scala as a basis, we
> could use the following code combined with the code above to get the
> user:
>             user <- UserAuth.find(By(UserAuth.authKey, name),
>                                   By(UserAuth.authType,
> moduleName)).flatMap(_.user.obj) or
>             User.find(By(User.nickname, name))
> We could take use the S object in lift to get the request and then get
> the UserPrincipal.  Probably with "S.request"
> The only I don't know is how to make this Container-based authmodule
> be the default that works without a UI that implicitly calls it.
> One idea is to remove  the following lines from Boot.scala
>     UserAuth.register(UserPwdAuthModule)
>     UserAuth.register(OpenIDAuthModule)
> and replace them with
>    UserAuth.register(ContaionerAuthModule)
> ---------------
> object ContainerAuthModule extends AuthModule {
>   def moduleName: String = "upw"
>   def performInit(): Unit = {
>     LiftRules.dispatch.append {
>       case Req("authentication" :: "login" :: Nil, _, PostRequest) =>
>         val from = S.referer openOr "/"
>         (for {
>             java.security.Principal principal = S.Request.getUserPrincipal();
>             if(principal != null) {
>                  String username = principal.getName();
>                   user <- UserAuth.find(By(UserAuth.authKey, username),
>                                   By(UserAuth.authType,
> moduleName)).flatMap(_.user.obj) or
>                   User.find(By(User.nickname, username))
>                   userAuth <- UserAuth.find(By(UserAuth.user,
> username), By(UserAuth.authType, moduleName))
>             }

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to