Hi,
I think I found a bug in MyFormAuthenticator. In line 147 remember me is set
to "false" if it is not checked on the login page:
rememberme = (rememberme == null) ? "false" : rememberme;
But the method processLogin() expects it to be NULL if the user doesn't want
to use the remember feature (line 178-187):
if (this.persistentLoginManager != null) {
// did the user request that their login be persistent?
if (rememberme != null) {
// remember login
this.persistentLoginManager.rememberLogin(request,
response, username, password);
} else {
// forget login
this.persistentLoginManager.forgetLogin(request,
response);
}
}
The problem is that if I fix this bug by removing line 147 the login process
doesn't work anymore! I discovered this while I was implementing OpenID
authentication support. I tried to debug it now two days but I didn't
succed. The same problem occurs with my OpenID implementation. I'm need to
tell XWiki that user xy was logged in and tried to do that by setting the
user principal in the request object
request.setUserPrincipal(principal);
but it doesn't work. Is there some documentation about securityfilter
available somewhere? I looked on securityfilter.sourceforge.net and googled
for it but I didn't found anything.
My next question is how I can add a "openid_identifier" property to the
XWikiUsers class as a "XClass" as proposed by Sergiu:
> I wouldn't add a new property to the XWikiUsers class; this leads to very
> thick classes, like
> XWikiPreferences, with properties used only in specific cases. I'd rather
> add a new XClass, for
> example XWiki.OpenIdAccount, and user profiles will have this kind of
> objects attached.
I didn't found any information on that. How is that done? How can I then
search for the user with a specific OpenID identifier?
Thank you very much,
Markus
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
