If I remember properly you set your login module to "skip on previous success" so if JCRAuthModule succeed (and it does if user and pwd match), your module will not be called.
Also IIRC user managers are called in order in which they are defined in AdminCentral. Putting your one on first place ensures Magnolia will first ask your userManager and only then the others. Last but not least you might want to limit your user manager to just some realm instead of all of them (don't remember if you configured that or not). HTH, Jan On Apr 4, 2011, at 11:14 AM, Will Scheidegger wrote: > > Now that I have everything up and running, I also created a custom > UserManager to get the User instead of doing everything in my custom > LoginModule. What I noticed afterward configuring the UserManager in > Magnolia: > > My custom module is not called anymore! > > The Magnolia LoginModule runs through all defined UserManagers and fetches > the user that way. Then, it is perfectly capable of authenticating also an > external user. > > This seems like a Good Thing (tm) to me. I removed the custom LoginModule and > its configuration from the jaas.config file and everything is still working > great.... Or is there a reason why I should not define the custom UserManager > in Magnolia? Maybe a security issue? > > Thanks! > -will > > On 31.03.2011, at 17:10, Jan Haderka wrote: > >> >> >> On Mar 31, 2011, at 2:21 PM, Will Scheidegger wrote: >> >>> >>> Hi Jan >>> >>> Thanks for the help. I did find the JCRAuthenticationModule class late on >>> Wednesday evening and I think I can give it a try. In order to go in the >>> right direction a few follow-up questions though: >>> >>> - Since I only get a true or false from the web service, I don't have any >>> roles or groups associated with my external users. This is not really a >>> problem since all these users have the exact same rights. Can I simply >>> define roles and groups in Magnolia and then build the list of groups and >>> roles for the user similar to JCRAuthenticationModule.collectGroupNames() >>> and collectRoleNames(), but simply returning a fixed list of names? Will >>> the user then have the rights associated with the corresponding Magnolia >>> groups and roles? >> >> You have2 options, either you have all the users in Magnolia as well and use >> webservice to just validate their passwords and upon success you set >> MgnlUser same as JCRAuthenticationModule does or ... you need to override >> said methods above to assign users correct groups and roles, but in your >> custom version of JCRAuthorizationModule, not in the authentication module >> iirc. >> >>> - I guess my Users will be of the type >>> info.magnolia.cms.security.ExternalUser. And I guess I should also write my >>> own UserManager...? >> >> Depends if user doesn't exist in Magnolia, then yes, you need to set it as >> ExternalUser. >> >> HTH, >> Jan >> >>> >>> Thanks! >>> -will >>> >>> On 31.03.2011, at 00:05, Jan Haderka wrote: >>> >>>> >>>> assuming you want just to authenticate the user, but don't need to mess >>>> with anything else, all you have to do is write your own JAAS login module >>>> similar to the JCRAuthenticationModule. Then you need to add that module >>>> to the jaas.config >>>> You should not need to do anything with the callbacks or login handlers as >>>> long as the form for users to enter username/pwd is enough for your users >>>> to enter their credentials. >>>> >>>> HTH, >>>> Jan >>>> >>>> >>>> On Mar 30, 2011, at 9:19 PM, Will Scheidegger wrote: >>>> >>>>> >>>>> Dear Magnolians >>>>> >>>>> We need to implement an external user authentication for Magnolia CE. In >>>>> our case, the user needs to be verified by sending username + password to >>>>> some web service and getting back true or false. That's pretty much it. >>>>> >>>>> I tried to figure out how the login process works by debugging it step by >>>>> step, but boy, with all those callback classes and such, this sure is no >>>>> easy thing to do. And from what I found in the wiki and on the mailing >>>>> list, this seems to be not the prettiest part of Magnolia (or has it been >>>>> improved in the meantime?). So before I sink a day of hard labor into it >>>>> can anyone tell me how this is done? >>>>> >>>>> Thanks! >>>>> -will >>>>> >>>>> >>>>> ---------------------------------------------------------------- >>>>> For list details see >>>>> http://www.magnolia-cms.com/home/community/mailing-lists.html >>>>> To unsubscribe, E-mail to: <[email protected]> >>>>> ---------------------------------------------------------------- >>>> >>>> >>>> >>>> >>>> ---------------------------------------------------------------- >>>> For list details see >>>> http://www.magnolia-cms.com/home/community/mailing-lists.html >>>> To unsubscribe, E-mail to: <[email protected]> >>>> ---------------------------------------------------------------- >>>> >>> >>> >>> >>> ---------------------------------------------------------------- >>> For list details see >>> http://www.magnolia-cms.com/home/community/mailing-lists.html >>> To unsubscribe, E-mail to: <[email protected]> >>> ---------------------------------------------------------------- >> >> >> >> >> ---------------------------------------------------------------- >> For list details see >> http://www.magnolia-cms.com/home/community/mailing-lists.html >> To unsubscribe, E-mail to: <[email protected]> >> ---------------------------------------------------------------- >> > > > > ---------------------------------------------------------------- > For list details see > http://www.magnolia-cms.com/home/community/mailing-lists.html > To unsubscribe, E-mail to: <[email protected]> > ---------------------------------------------------------------- ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
