Again about external user login.

I've created these classes:

- MyExternalUserLogin (implements LoginHandler)
- MyExternalUser (extends ExternalUser)
- MyExternalUserManager (extends MgnlUserManager)

Everything fine into loginHandler: myExternalUser is generated, set the subject, set groups, roles..

I have problems in authentication:

---
final LoginContext loginContext = new LoginContext("magnolia", subject, callbackHandler);
loginContext.login();
---

the method *loginContext.login()* at the end calls MyExternalUserManager.getUser(username) and this goes up to MgnlUserManager.getUser(username).

At this point no user is found, from Magnolia side.
And it is normal, they are all external.

------------------------------------------

My question is: why the login filter needs to go inside Magnolia Security Support to ask for a user?

In attachment you find something, if you are interested on reading code..

Really confused..

Matteo


----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
package com.tinext.ext.magnolia.common.security;

import info.magnolia.cms.security.ExternalUser;
import info.magnolia.cms.security.auth.Entity;

import java.util.Iterator;
import java.util.Set;

import javax.security.auth.Subject;

public class Ext2MgnlUser extends ExternalUser {

        protected Ext2MgnlUser(final Subject subject) {
                super(subject);

                final Set<Entity> principalDetails = 
subject.getPrincipals(Entity.class);
                final Iterator<Entity> entityIterator = 
principalDetails.iterator();
                userDetails = entityIterator.next();
                setSubject(subject);

        }

        /**
         * User properties.
         */
        private final Entity userDetails;

        @Override
        public void addGroup(final String groupName) throws 
UnsupportedOperationException {
        // Do nothing
        }

        @Override
        public void addRole(final String roleName) throws 
UnsupportedOperationException {
        // Do nothing
        }

        @Override
        public void removeGroup(final String groupName) throws 
UnsupportedOperationException {
        // Do nothind
        }

        @Override
        public void removeRole(final String roleName) throws 
UnsupportedOperationException {
        // Do nothing
        }

        @Override
        public void setEnabled(final boolean enabled) {
        // Do nothing
        }

        @Override
        public String getProperty(final String propertyName) {
                // todo: why this is not in ExternalUser?
                return (String) userDetails.getProperty(propertyName);
        }

        
}
package com.tinext.ext.magnolia.common.security;

import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.Entity;
import info.magnolia.cms.security.auth.GroupList;
import info.magnolia.cms.security.auth.RoleList;
import info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler;
import info.magnolia.cms.security.auth.login.FormLogin;
import info.magnolia.cms.security.auth.login.LoginHandler;
import info.magnolia.cms.security.auth.login.LoginResult;
import info.magnolia.jaas.principal.EntityImpl;
import info.magnolia.jaas.principal.GroupListImpl;
import info.magnolia.jaas.principal.RoleListImpl;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.tinext.ext.magnolia.common.exceptions.extException;
import com.tinext.ext.magnolia.common.managers.extManagerFactory;
import com.tinext.ext.ws.common.webservices.UserAccount;

public class ExtLoginHandler implements LoginHandler {

        private static final Logger log = 
LoggerFactory.getLogger(ExtLoginHandler.class);

        public static final String PARAMETER_USER_ID = "extUserId";
        public static final String PARAMETER_PSWD = "extUserPSWD";

        public LoginResult handle(final HttpServletRequest request, final 
HttpServletResponse response) {

                log.debug("Login for request url: {}", request.getRequestURL());

                final String username = request.getParameter(PARAMETER_USER_ID);
                final String password = request.getParameter(PARAMETER_PSWD);

                if (StringUtils.isNotEmpty(username) && 
StringUtils.isNotEmpty(password)) {

                        try {

                                final UserAccount userAccount = 
extManagerFactory.getInstance().getextUserManager().login(username,
                                    password);

                                log.debug("ext login succeded, user {} has been 
retrieved", userAccount.getUsername());

                                final Subject subject = new Subject();

                                final Entity userEntity = new EntityImpl();
                                
userEntity.addProperty("external-authentication", Boolean.TRUE);
                                userEntity.addProperty(Entity.NAME, 
userAccount.getUsername());
                                userEntity.addProperty("email", 
userAccount.getUsername());
                                userEntity.addProperty("id", 
userAccount.getUsername());
                                userEntity.addProperty(Entity.FULL_NAME, 
userAccount.getFirstName() + " " + userAccount.getLastName());

                                subject.getPrincipals().add(userEntity);

                                // assign default groups
                                // TODO: read from userAccount
                                final GroupList groupList = new GroupListImpl();
                                groupList.add("extUserAccountBase");
                                subject.getPrincipals().add(groupList);

                                // assign default roles
                                // TODO: read from userAccount
                                final RoleList roleList = new RoleListImpl();
                                roleList.add("extUserAccountBase");
                                subject.getPrincipals().add(roleList);

                                final User mgnlUser = new ext2MgnlUser(subject);

                                // this avoid to create a custom 
callbackHandler for ext
                                final CredentialsCallbackHandler 
callbackHandler = new CredentialsCallbackHandler() {

                                        /**
                                         * {...@inheritdoc}
                                         */
                                        @Override
                                        public User getUser() {
                                                
log.info("CredentialsCallbackHandler returning {}", mgnlUser.getName());
                                                return mgnlUser;
                                        }
                                };

                                return authenticate(callbackHandler, subject);

                        } catch (final extException e) {
                                log.error("Exception while doing ext login: 
{}", e.getMessage());
                        }
                        log.debug("login failed.");
                        return LoginResult.NO_LOGIN;

                }
                log.debug("login not handled.");
                return LoginResult.NOT_HANDLED;
        }

        /**
         * Standard Magnolia --> JAAS Authentication procedure
         */
        public LoginResult authenticate(final CredentialsCallbackHandler 
callbackHandler, Subject subject) {

                try {
                        final LoginContext loginContext = new 
LoginContext("magnolia", subject, callbackHandler);
                        loginContext.login();
                        subject = loginContext.getSubject();
                        final User user = callbackHandler.getUser();
                        user.setSubject(subject);
                        return new LoginResult(LoginResult.STATUS_SUCCEEDED, 
user);
                } catch (final LoginException e) {

                        return new LoginResult(LoginResult.STATUS_FAILED, e);
                }
        }

}
package com.tinext.ext.magnolia.common.security;

import info.magnolia.cms.security.MgnlUserManager;
import info.magnolia.cms.security.User;
import info.magnolia.cms.security.auth.Entity;

import java.util.Collection;
import java.util.Iterator;
import java.util.Set;

import javax.security.auth.Subject;

import org.apache.commons.lang.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ExtMgnlUserManager extends MgnlUserManager {

        private final static Logger log = 
LoggerFactory.getLogger(ExtMgnlUserManager.class);

        @Override
        public User getUser(final String name) throws 
UnsupportedOperationException {
                return super.getUser(name);
        }

        @Override
        public User getUser(final Subject subject) throws 
UnsupportedOperationException {
                // this could be the case if no one is logged in yet
                if (subject == null) {
                        log.debug("subject not set.");
                        return null;
                }

                final Set<Entity> principalDetails = 
subject.getPrincipals(Entity.class);
                final Iterator<Entity> entityIterator = 
principalDetails.iterator();
                final Entity entity = entityIterator.next();
                final Boolean shadow = (Boolean) entity.getProperty("shadow");
                if (BooleanUtils.isFalse(shadow)) {
                        return new ext2MgnlUser(subject);
                } else {
                        return super.getUser(subject);
                }
        }

        @Override
        public void changePassword(final User user, final String newPassword) 
throws UnsupportedOperationException {
                throw new UnsupportedOperationException();
        }

        @Override
        public User createUser(final String username, final String password) 
throws UnsupportedOperationException {
                throw new UnsupportedOperationException();
        }

        @Override
        public Collection getAllUsers() throws UnsupportedOperationException {
                throw new UnsupportedOperationException();
        }

        @Override
        public User getAnonymousUser() throws UnsupportedOperationException {
                throw new UnsupportedOperationException();
        }

        @Override
        public User getSystemUser() throws UnsupportedOperationException {
                throw new UnsupportedOperationException();
        }

        
}

Reply via email to