Hi Jan

Thanks again for the additional info. This is pretty much what I came up with too. And this is fine with me. If there is no real reason why I should not simply let the JCRAuthModule fetch my user via a custom user manager then I would like to go that way (without a custom login module).

When you say: "...limit your user manager to just some realm instead" what do you mean with that? When I used the custom login module, I specified a realm there. Can I "limit" the user manager to a realm? I mean when configuring it in the node "test" then getting the user manager for the realm "test" will return my user manager. Is there anything else that could/should be done?

-will

On 04.04.2011, at 12:50, Jan Haderka wrote:

> If I remember properly you set your login module to "skip on previous
> success" so if JCRAuthModule succeed (and it does if user and pwd match),
> your module will not be called.
>
> Also IIRC user managers are called in order in which they are defined in
> AdminCentral. Putting your one on first place ensures Magnolia will first ask
> your userManager and only then the others.
> Last but not least you might want to limit your user manager to just some
> realm instead of all of them (don't remember if you configured that or not).
>
> HTH,
> Jan
>
> On Apr 4, 2011, at 11:14 AM, Will Scheidegger wrote:
>
>> Now that I have everything up and running, I also created a custom
>> UserManager to get the User instead of doing everything in my custom
>> LoginModule. What I noticed afterward configuring the UserManager in
>> Magnolia:
>>
>> My custom module is not called anymore!
>>
>> The Magnolia LoginModule runs through all defined UserManagers and fetches
>> the user that way. Then, it is perfectly capable of authenticating also an
>> external user.
>>
>> This seems like a Good Thing (tm) to me. I removed the custom LoginModule
>> and its configuration from the jaas.config file and everything is still
>> working great.... Or is there a reason why I should not define the custom
>> UserManager in Magnolia? Maybe a security issue?
>>
>> Thanks!
>> -will
>>
>> On 31.03.2011, at 17:10, Jan Haderka wrote:
>>
>>> On Mar 31, 2011, at 2:21 PM, Will Scheidegger wrote:
>>>
>>>> Hi Jan
>>>>
>>>> Thanks for the help. I did find the JCRAuthenticationModule class late on
>>>> Wednesday evening and I think I can give it a try. In order to go in the
>>>> right direction a few follow-up questions though:
>>>>
>>>> - Since I only get a true or false from the web service, I don't have any
>>>> roles or groups associated with my external users. This is not really a
>>>> problem since all these users have the exact same rights. Can I simply
>>>> define roles and groups in Magnolia and then build the list of groups and
>>>> roles for the user similar to JCRAuthenticationModule.collectGroupNames()
>>>> and collectRoleNames(), but simply returning a fixed list of names? Will
>>>> the user then have the rights associated with the corresponding Magnolia
>>>> groups and roles?
>>>
>>> You have 2 options, either you have all the users in Magnolia as well and
>>> use webservice to just validate their passwords and upon success you set
>>> MgnlUser same as JCRAuthenticationModule does or ... you need to override
>>> said methods above to assign users correct groups and roles, but in your
>>> custom version of JCRAuthorizationModule, not in the authentication module
>>> iirc.
>>>
>>>> - I guess my Users will be of the type
>>>> info.magnolia.cms.security.ExternalUser. And I guess I should also write
>>>> my own UserManager...?
>>>
>>> Depends if user doesn't exist in Magnolia, then yes, you need to set it as
>>> ExternalUser.
>>>
>>> HTH,
>>> Jan
>>>
>>>> Thanks!
>>>> -will
>>>>
>>>> On 31.03.2011, at 00:05, Jan Haderka wrote:
>>>>
>>>>> assuming you want just to authenticate the user, but don't need to mess
>>>>> with anything else, all you have to do is write your own JAAS login
>>>>> module similar to the JCRAuthenticationModule. Then you need to add that
>>>>> module to the jaas.config
>>>>> You should not need to do anything with the callbacks or login handlers
>>>>> as long as the form for users to enter username/pwd is enough for your
>>>>> users to enter their credentials.
>>>>>
>>>>> HTH,
>>>>> Jan
>>>>>
>>>>> On Mar 30, 2011, at 9:19 PM, Will Scheidegger wrote:
>>>>>
>>>>>> Dear Magnolians
>>>>>>
>>>>>> We need to implement an external user authentication for Magnolia CE. In
>>>>>> our case, the user needs to be verified by sending username + password
>>>>>> to some web service and getting back true or false. That's pretty much
>>>>>> it.
>>>>>>
>>>>>> I tried to figure out how the login process works by debugging it step
>>>>>> by step, but boy, with all those callback classes and such, this sure is
>>>>>> no easy thing to do. And from what I found in the wiki and on the
>>>>>> mailing list, this seems to be not the prettiest part of Magnolia (or
>>>>>> has it been improved in the meantime?). So before I sink a day of hard
>>>>>> labor into it can anyone tell me how this is done?
>>>>>>
>>>>>> Thanks!
>>>>>> -will
>>>>>>
>>>>>> ----------------------------------------------------------------
>>>>>> For list details see
>>>>>> http://www.magnolia-cms.com/home/community/mailing-lists.html
>>>>>> To unsubscribe, E-mail to: <[email protected]>
>>>>>> ----------------------------------------------------------------
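The custom JAAS login module suggested earlier in this thread (send username and password to a web service, get back true or false), as an added example that is not part of the original messages and is not Magnolia's code. It uses only the standard `javax.security.auth` API on Java 16 or later; `ExternalWsLoginModule`, `ExternalPrincipal` and the `verifier` hook are hypothetical names, and the hook stands in for the real web-service call.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Map;
import java.util.function.BiPredicate;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example, plain JAAS only. Class, record and verifier names are hypothetical.
public class ExternalWsLoginModule implements LoginModule {
    // Assumption: replace with the HTTPS call to the service that answers true/false.
    static BiPredicate<String, char[]> verifier = (user, pwd) -> false;
    record ExternalPrincipal(String name) implements Principal { public String getName() { return name; } }
    private Subject subject; private CallbackHandler handler;
    private String user; private boolean ok;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("cannot read credentials"); }
        char[] pwd = pc.getPassword(); // a copy of the password, wiped in finally
        pc.clearPassword();
        try { // fail closed: empty input, a false answer or a service error all deny
            if (nc.getName() == null || pwd == null || pwd.length == 0
                    || !verifier.test(nc.getName(), pwd))
                throw new FailedLoginException("external authentication failed");
        } catch (RuntimeException e) {
            throw new FailedLoginException("verification service error");
        } finally {
            if (pwd != null) Arrays.fill(pwd, '\0');
        }
        user = nc.getName();
        return ok = true;
    }
    public boolean commit() { // attach the identity only once the overall login succeeded
        if (ok) subject.getPrincipals().add(new ExternalPrincipal(user));
        return ok;
    }
    public boolean abort() { boolean was = ok; ok = false; user = null; return was; }
    public boolean logout() {
        subject.getPrincipals().removeIf(p -> p instanceof ExternalPrincipal);
        ok = false; user = null; return true;
    }
}
```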
