Again about external user login.
I've created these classes:
- MyExternalUserLogin (implements LoginHandler)
- MyExternalUser (extends ExternalUser)
- MyExternalUserManager (extends MgnlUserManager)
Everything fine into loginHandler: myExternalUser is generated, set the
subject, set groups, roles..
I have problems in authentication:
---
final LoginContext loginContext = new LoginContext("magnolia", subject,
callbackHandler);
loginContext.login();
---
the method *loginContext.login()* at the end calls
MyExternalUserManager.getUser(username) and this goes up to
MgnlUserManager.getUser(username).
At this point no user is found, from Magnolia side.
And it is normal, they are all external.
------------------------------------------
My question is: why the login filter needs to go inside Magnolia
Security Support to ask for a user?
In attachment you find something, if you are interested on reading code..
Really confused..
Matteo
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
package com.tinext.ext.magnolia.common.security;
import info.magnolia.cms.security.ExternalUser;
import info.magnolia.cms.security.auth.Entity;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
public class Ext2MgnlUser extends ExternalUser {
protected Ext2MgnlUser(final Subject subject) {
super(subject);
final Set<Entity> principalDetails =
subject.getPrincipals(Entity.class);
final Iterator<Entity> entityIterator =
principalDetails.iterator();
userDetails = entityIterator.next();
setSubject(subject);
}
/**
* User properties.
*/
private final Entity userDetails;
@Override
public void addGroup(final String groupName) throws
UnsupportedOperationException {
// Do nothing
}
@Override
public void addRole(final String roleName) throws
UnsupportedOperationException {
// Do nothing
}
@Override
public void removeGroup(final String groupName) throws
UnsupportedOperationException {
// Do nothind
}
@Override
public void removeRole(final String roleName) throws
UnsupportedOperationException {
// Do nothing
}
@Override
public void setEnabled(final boolean enabled) {
// Do nothing
}
@Override
public String getProperty(final String propertyName) {
// todo: why this is not in ExternalUser?
return (String) userDetails.getProperty(propertyName);
}
}
package com.tinext.ext.magnolia.common.security;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.Entity;
import info.magnolia.cms.security.auth.GroupList;
import info.magnolia.cms.security.auth.RoleList;
import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
import info.magnolia.cms.security.auth.login.FormLogin;
import info.magnolia.cms.security.auth.login.LoginHandler;
import info.magnolia.cms.security.auth.login.LoginResult;
import info.magnolia.jaas.principal.EntityImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.RoleListImpl;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.tinext.ext.magnolia.common.exceptions.extException;
import com.tinext.ext.magnolia.common.managers.extManagerFactory;
import com.tinext.ext.ws.common.webservices.UserAccount;
public class ExtLoginHandler implements LoginHandler {
private static final Logger log =
LoggerFactory.getLogger(ExtLoginHandler.class);
public static final String PARAMETER_USER_ID = "extUserId";
public static final String PARAMETER_PSWD = "extUserPSWD";
public LoginResult handle(final HttpServletRequest request, final
HttpServletResponse response) {
log.debug("Login for request url: {}", request.getRequestURL());
final String username = request.getParameter(PARAMETER_USER_ID);
final String password = request.getParameter(PARAMETER_PSWD);
if (StringUtils.isNotEmpty(username) &&
StringUtils.isNotEmpty(password)) {
try {
final UserAccount userAccount =
extManagerFactory.getInstance().getextUserManager().login(username,
password);
log.debug("ext login succeded, user {} has been
retrieved", userAccount.getUsername());
final Subject subject = new Subject();
final Entity userEntity = new EntityImpl();
userEntity.addProperty("external-authentication", Boolean.TRUE);
userEntity.addProperty(Entity.NAME,
userAccount.getUsername());
userEntity.addProperty("email",
userAccount.getUsername());
userEntity.addProperty("id",
userAccount.getUsername());
userEntity.addProperty(Entity.FULL_NAME,
userAccount.getFirstName() + " " + userAccount.getLastName());
subject.getPrincipals().add(userEntity);
// assign default groups
// TODO: read from userAccount
final GroupList groupList = new GroupListImpl();
groupList.add("extUserAccountBase");
subject.getPrincipals().add(groupList);
// assign default roles
// TODO: read from userAccount
final RoleList roleList = new RoleListImpl();
roleList.add("extUserAccountBase");
subject.getPrincipals().add(roleList);
final User mgnlUser = new ext2MgnlUser(subject);
// this avoid to create a custom
callbackHandler for ext
final CredentialsCallbackHandler
callbackHandler = new CredentialsCallbackHandler() {
/**
* {...@inheritdoc}
*/
@Override
public User getUser() {
log.info("CredentialsCallbackHandler returning {}", mgnlUser.getName());
return mgnlUser;
}
};
return authenticate(callbackHandler, subject);
} catch (final extException e) {
log.error("Exception while doing ext login:
{}", e.getMessage());
}
log.debug("login failed.");
return LoginResult.NO_LOGIN;
}
log.debug("login not handled.");
return LoginResult.NOT_HANDLED;
}
/**
* Standard Magnolia --> JAAS Authentication procedure
*/
public LoginResult authenticate(final CredentialsCallbackHandler
callbackHandler, Subject subject) {
try {
final LoginContext loginContext = new
LoginContext("magnolia", subject, callbackHandler);
loginContext.login();
subject = loginContext.getSubject();
final User user = callbackHandler.getUser();
user.setSubject(subject);
return new LoginResult(LoginResult.STATUS_SUCCEEDED,
user);
} catch (final LoginException e) {
return new LoginResult(LoginResult.STATUS_FAILED, e);
}
}
}package com.tinext.ext.magnolia.common.security;
import info.magnolia.cms.security.MgnlUserManager;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.Entity;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.lang.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class ExtMgnlUserManager extends MgnlUserManager {
private final static Logger log =
LoggerFactory.getLogger(ExtMgnlUserManager.class);
@Override
public User getUser(final String name) throws
UnsupportedOperationException {
return super.getUser(name);
}
@Override
public User getUser(final Subject subject) throws
UnsupportedOperationException {
// this could be the case if no one is logged in yet
if (subject == null) {
log.debug("subject not set.");
return null;
}
final Set<Entity> principalDetails =
subject.getPrincipals(Entity.class);
final Iterator<Entity> entityIterator =
principalDetails.iterator();
final Entity entity = entityIterator.next();
final Boolean shadow = (Boolean) entity.getProperty("shadow");
if (BooleanUtils.isFalse(shadow)) {
return new ext2MgnlUser(subject);
} else {
return super.getUser(subject);
}
}
@Override
public void changePassword(final User user, final String newPassword)
throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
@Override
public User createUser(final String username, final String password)
throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
@Override
public Collection getAllUsers() throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
@Override
public User getAnonymousUser() throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
@Override
public User getSystemUser() throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
}