On Apr 4, 2011, at 1:25 PM, Will Scheidegger wrote:

> 
> Hi Jan
> 
> Thanks again for the additional info. This is pretty much what I came up with 
> too. And this is fine with me. If there is no real reason why I should not 
> simply let the JCRAuthModule fetch my user via a custom user manager then I 
> would like to go that way (without a custom login module).
> 
> When you say: "...limit your user manager to just some realm instead" what do 
> you mean with that? When I used the custom login module, I specified a realm 
> there.

That's exactly what I meant

> Can I "limit" the user manager to a realm? I mean when configuring it in the 
> node "test" then getting the user manager for the realm "test" will return my 
> user manager. Is there anything else that could/should be done?

The name under which the user manager is registered is used as a realm. If no 
realm is provided from the login callback, the login module will usually go and 
request the "ALL" realm, at which point Magnolia returns DelegatingUserManager, 
which loops via all registered user managers until one is found that can return 
the given user or all fail.

Jan

> 
> -will
> 
> 
> On 04.04.2011, at 12:50, Jan Haderka wrote:
> 
>> 
>> If I remember properly you set your login module to "skip on previous 
>> success" so if JCRAuthModule succeeds (and it does if user and pwd match), 
>> your module will not be called.
>> 
>> Also IIRC user managers are called in the order in which they are defined in 
>> AdminCentral. Putting yours in first place ensures Magnolia will first 
>> ask your userManager and only then the others. 
>> Last but not least you might want to limit your user manager to just some 
>> realm instead of all of them (don't remember if you configured that or not).
>> 
>> HTH,
>> Jan
>> 
>> On Apr 4, 2011, at 11:14 AM, Will Scheidegger wrote:
>> 
>>> 
>>> Now that I have everything up and running, I also created a custom 
>>> UserManager to get the User instead of doing everything in my custom 
>>> LoginModule. What I noticed after configuring the UserManager in 
>>> Magnolia: 
>>> 
>>> My custom module is not called anymore! 
>>> 
>>> The Magnolia LoginModule runs through all defined UserManagers and fetches 
>>> the user that way. Then, it is perfectly capable of authenticating also an 
>>> external user.
>>> 
>>> This seems like a Good Thing (tm) to me. I removed the custom LoginModule 
>>> and its configuration from the jaas.config file and everything is still 
>>> working great.... Or is there a reason why I should not define the custom 
>>> UserManager in Magnolia? Maybe a security issue?
>>> 
>>> Thanks!
>>> -will
>>> 
>>> On 31.03.2011, at 17:10, Jan Haderka wrote:
>>> 
>>>> 
>>>> 
>>>> On Mar 31, 2011, at 2:21 PM, Will Scheidegger wrote:
>>>> 
>>>>> 
>>>>> Hi Jan
>>>>> 
>>>>> Thanks for the help. I did find the JCRAuthenticationModule class late on 
>>>>> Wednesday evening and I think I can give it a try. In order to go in the 
>>>>> right direction a few follow-up questions though:
>>>>> 
>>>>> - Since I only get a true or false from the web service, I don't have any 
>>>>> roles or groups associated with my external users. This is not really a 
>>>>> problem since all these users have the exact same rights. Can I simply 
>>>>> define roles and groups in Magnolia and then build the list of groups and 
>>>>> roles for the user similar to  
>>>>> JCRAuthenticationModule.collectGroupNames() and collectRoleNames(), but 
>>>>> simply returning a fixed list of names? Will the user then have the 
>>>>> rights associated with the corresponding Magnolia groups and roles?
>>>> 
>>>> You have 2 options, either you have all the users in Magnolia as well and 
>>>> use webservice to just validate their passwords and upon success you set 
>>>> MgnlUser same as JCRAuthenticationModule does or ... you need to override 
>>>> said methods above to assign users correct groups and roles, but in your 
>>>> custom version of JCRAuthorizationModule, not in the authentication module 
>>>> iirc.
>>>> 
>>>>> - I guess my Users will be of the type 
>>>>> info.magnolia.cms.security.ExternalUser. And I guess I should also write 
>>>>> my own UserManager...?
>>>> 
>>>> Depends. If the user doesn't exist in Magnolia, then yes, you need to set 
>>>> it as ExternalUser.
>>>> 
>>>> HTH,
>>>> Jan
>>>> 
>>>>> 
>>>>> Thanks!
>>>>> -will
>>>>> 
>>>>> On 31.03.2011, at 00:05, Jan Haderka wrote:
>>>>> 
>>>>>> 
>>>>>> Assuming you want just to authenticate the user, but don't need to mess 
>>>>>> with anything else, all you have to do is write your own JAAS login 
>>>>>> module similar to the JCRAuthenticationModule. Then you need to add that 
>>>>>> module to the jaas.config.
>>>>>> You should not need to do anything with the callbacks or login handlers 
>>>>>> as long as the form for users to enter username/pwd is enough for your 
>>>>>> users to enter their credentials.
>>>>>> 
>>>>>> HTH,
>>>>>> Jan
>>>>>> 
>>>>>> 
>>>>>> On Mar 30, 2011, at 9:19 PM, Will Scheidegger wrote:
>>>>>> 
>>>>>>> 
>>>>>>> Dear Magnolians
>>>>>>> 
>>>>>>> We need to implement an external user authentication for Magnolia CE. 
>>>>>>> In our case, the user needs to be verified by sending username + 
>>>>>>> password to some web service and getting back true or false. That's 
>>>>>>> pretty much it.
>>>>>>> 
>>>>>>> I tried to figure out how the login process works by debugging it step 
>>>>>>> by step, but boy, with all those callback classes and such, this sure 
>>>>>>> is no easy thing to do. And from what I found in the wiki and on the 
>>>>>>> mailing list, this seems to be not the prettiest part of Magnolia (or 
>>>>>>> has it been improved in the meantime?). So before I sink a day of hard 
>>>>>>> labor into it can anyone tell me how this is done? 
>>>>>>> 
>>>>>>> Thanks!
>>>>>>> -will
>>>>>>> 
>>>>>>> 
>>>>>>> ----------------------------------------------------------------
>>>>>>> For list details see
>>>>>>> http://www.magnolia-cms.com/home/community/mailing-lists.html
>>>>>>> To unsubscribe, E-mail to: <[email protected]>
>>>>>>> ----------------------------------------------------------------
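
The realm lookup described in the top reply of this thread (registration name used as the realm, a delegating manager for "ALL" that asks each manager in order), as an added Java example that is not part of the original thread and is not Magnolia's code. The `UserManager` interface, `REGISTRY`, `store`, `forRealm`, the "admin" realm and all user names are hypothetical stand-ins constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Simplified model of realm-based user lookup; these types are NOT Magnolia's classes.
public class RealmLookupDemo {
    interface UserManager { Optional<String> getUser(String name); }

    static final String ALL = "all";
    // The registration name doubles as the realm; insertion order is lookup order.
    static final Map<String, UserManager> REGISTRY = new LinkedHashMap<>();

    // Constructed stand-in for a user store: answers only for the names it knows.
    static UserManager store(String realm, String... names) {
        Set<String> known = Set.of(names);
        return n -> known.contains(n) ? Optional.of(realm + ":" + n) : Optional.empty();
    }

    static UserManager forRealm(String realm) {
        if (realm == null || ALL.equalsIgnoreCase(realm)) {
            // Delegating manager: ask each registered manager in order, first hit wins.
            return name -> {
                for (UserManager m : REGISTRY.values()) {
                    Optional<String> u = m.getUser(name);
                    if (u.isPresent()) return u;
                }
                return Optional.empty(); // every manager failed
            };
        }
        // Unknown realm: fail closed instead of falling back to "all".
        UserManager m = REGISTRY.get(realm);
        return m != null ? m : name -> Optional.empty();
    }

    public static void main(String[] args) {
        REGISTRY.put("test", store("test", "extuser", "editor"));     // external manager, registered first
        REGISTRY.put("admin", store("admin", "superuser", "editor")); // constructed second realm

        // No realm from the callback: "editor" exists in both stores, the first one answers.
        System.out.println(forRealm(null).getUser("editor"));
        // Explicit realm: only that manager is consulted, so the other store cannot shadow it.
        System.out.println(forRealm("admin").getUser("editor"));
        // A user of another realm is not visible through a realm-limited lookup.
        System.out.println(forRealm("test").getUser("superuser"));
    }
}
```

When the same user name exists in more than one store, the unscoped lookup makes registration order decide which store's account is returned, which is why passing an explicit realm from the login path is the tighter configuration.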