I think I have a vague idea of how things should be working now with the JAAS 
login. I managed to write my own login module which (for now) has an internal 
(hard-coded) hash of users that it uses to authenticate. Afterwards the regular 
JCRAuthorizationModule is used to complete things.

I do have a slight problem with the JAAS config file however. What I want is the 
following setup:

1. Try to authenticate the user with the standard JCRAuthenticationModule
2. If that fails, try to authenticate the user with my custom login module
3. If 1 or 2 succeeded, finish off with the JCRAuthorizationModule

When I set 1 and 2 to "requisite" things will fail because either login module 
1 or 2 does not know anything about the user.
When I set 1 and 2 to "optional" it works as expected, but I will not get an 
error message anymore when the login fails (because both modules doing the 
login are optional).

Is there a way to solve this? It seems to me like this should not be such an 
uncommon scenario... but maybe it is because normally you would have only one 
login module per user directory...?

Thanks for the help!
-will

On 31.03.2011, at 17:10, Jan Haderka wrote:

> 
> 
> On Mar 31, 2011, at 2:21 PM, Will Scheidegger wrote:
> 
>> 
>> Hi Jan
>> 
>> Thanks for the help. I did find the JCRAuthenticationModule class late on 
>> Wednesday evening and I think I can give it a try. In order to go in the 
>> right direction a few follow-up questions though:
>> 
>> - Since I only get a true or false from the web service, I don't have any 
>> roles or groups associated with my external users. This is not really a 
>> problem since all these users have the exact same rights. Can I simply 
>> define roles and groups in Magnolia and then build the list of groups and 
>> roles for the user similar to JCRAuthenticationModule.collectGroupNames() 
>> and collectRoleNames(), but simply returning a fixed list of names? Will the 
>> user then have the rights associated with the corresponding Magnolia groups 
>> and roles?
> 
> You have 2 options, either you have all the users in Magnolia as well and use 
> webservice to just validate their passwords and upon success you set MgnlUser 
> same as JCRAuthenticationModule does or ... you need to override said methods 
> above to assign users correct groups and roles, but in your custom version of 
> JCRAuthorizationModule, not in the authentication module iirc.
> 
>> - I guess my Users will be of the type 
>> info.magnolia.cms.security.ExternalUser. And I guess I should also write my 
>> own UserManager...?
> 
> Depends. If the user doesn't exist in Magnolia, then yes, you need to set it as 
> ExternalUser.
> 
> HTH,
> Jan
> 
>> 
>> Thanks!
>> -will
>> 
>> On 31.03.2011, at 00:05, Jan Haderka wrote:
>> 
>>> 
>>> Assuming you want just to authenticate the user, but don't need to mess 
>>> with anything else, all you have to do is write your own JAAS login module 
>>> similar to the JCRAuthenticationModule. Then you need to add that module to 
>>> the jaas.config.
>>> You should not need to do anything with the callbacks or login handlers as 
>>> long as the form for users to enter username/pwd is enough for your users 
>>> to enter their credentials.
>>> 
>>> HTH,
>>> Jan
>>> 
>>> 
>>> On Mar 30, 2011, at 9:19 PM, Will Scheidegger wrote:
>>> 
>>>> 
>>>> Dear Magnolians
>>>> 
>>>> We need to implement an external user authentication for Magnolia CE. In 
>>>> our case, the user needs to be verified by sending username + password to 
>>>> some web service and getting back true or false. That's pretty much it.
>>>> 
>>>> I tried to figure out how the login process works by debugging it step by 
>>>> step, but boy, with all those callback classes and such, this sure is no 
>>>> easy thing to do. And from what I found in the wiki and on the mailing 
>>>> list, this seems to be not the prettiest part of Magnolia (or has it been 
>>>> improved in the meantime?). So before I sink a day of hard labor into it 
>>>> can anyone tell me how this is done? 
>>>> 
>>>> Thanks!
>>>> -will
>>>> 
>>>> 
>>>> ----------------------------------------------------------------
>>>> For list details see
>>>> http://www.magnolia-cms.com/home/community/mailing-lists.html
>>>> To unsubscribe, E-mail to: <[email protected]>
>>>> ----------------------------------------------------------------
> 
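Added example, not part of the original thread and not Magnolia code: a self-contained JAAS program that runs the three-module stack from the question under the `requisite` and `optional` flags, with `sufficient` included for comparison, for a user known only to the second module and for a user known to neither. `JaasFlagDemo`, `Directory`, `Authorize` and the user names are hypothetical stand-ins, and the authorization stand-in is assumed to succeed whenever it is reached.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class JaasFlagDemo {
    static String user;            // name being logged in (constructed input)
    static boolean ranAuthorize;   // set when the authorization stand-in is reached

    // Hypothetical authentication module: knows only the names in its "users" option.
    public static class Directory implements LoginModule {
        Map<String, ?> opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) { opts = o; }
        public boolean login() throws LoginException {
            if (((Collection<?>) opts.get("users")).contains(user)) return true;
            throw new FailedLoginException("unknown user " + user);
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // Hypothetical authorization step; assumed to succeed whenever it is reached.
    public static class Authorize extends Directory {
        @Override public boolean login() { ranAuthorize = true; return true; }
    }

    static AppConfigurationEntry entry(Class<?> c, LoginModuleControlFlag f, String... users) {
        return new AppConfigurationEntry(c.getName(), f, Map.of("users", List.of(users)));
    }

    // Runs the three-module stack with the same flag on both authentication modules.
    static boolean login(LoginModuleControlFlag flag, String name) {
        user = name; ranAuthorize = false;
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] {
                    entry(Directory.class, flag, "superuser"),              // 1: built-in user store
                    entry(Directory.class, flag, "will"),                   // 2: custom module
                    entry(Authorize.class, LoginModuleControlFlag.REQUIRED) // 3: authorization
                };
            }
        };
        try { new LoginContext("demo", null, null, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }

    public static void main(String[] args) {
        for (LoginModuleControlFlag f : List.of(LoginModuleControlFlag.REQUISITE,
                LoginModuleControlFlag.OPTIONAL, LoginModuleControlFlag.SUFFICIENT))
            for (String u : List.of("will", "mallory"))
                System.out.println(f + " user=" + u + " authenticated=" + login(f, u)
                        + " authorizationRan=" + ranAuthorize);
    }
}
```

The `authenticated` column for the unknown user is the one to watch: any flag that lets the stack continue past two failed authentication modules leaves the decision to the last required module.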