Hi Thomas,
I think what you really want is a login-handler (see
info.magnolia.cms.security.auth.login.LoginHandlerBase).
Your login-handler can listen for your request-parameter in the handle()
method. If the parameter is present, call:
LoginResult result = authenticate(mycallbackhandler, "magnolia");
return result;
If the parameter is not present, just return:
return LoginResult.NOT_HANDLED;
to let one of the other login-handlers deal with the request.
The authenticate() method will defer to the magnolia JAAS authentication to
perform the login. All ACLs will be processed correctly, the context will be
set up, etc... you don't need to worry about any of that.
The callback-handler is needed by the JAAS layer to access the information
about the user-credentials supplied for the login. You will want to instantiate
a
info.magnolia.cms.security.auth.callback.CredentialsCallbackHandler
something like this:
CredentialsCallbackHandler mycallbackhandler = new
CredentialsCallbackHandler("myusername", "mypasswd", "admin");
--> this will cause JAAS to try to authenticate the user "myusername" from the
admin users.
Deploy your LoginHandler to Magnolia's WEB-INF/lib in a JAR file, and then
configure it in Magnolia under Configuration -->
/server/filters/login/loginHandlers/myHandler
Make sure you test it out on a non-production system first, as a misconfigured
login-handler or a programming error in the handler could render your magnolia
instance inaccessible.
If I understood your needs correctly, the above should work for you.
Regards from Vienna,
Richard
-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:[email protected]]
Im Auftrag von Thomas Martin
Gesendet: Montag, 05. März 2012 22:45
An: Magnolia User-List
Betreff: Re: AW: [magnolia-user] How to instantiate a User to call
MgnlContext.login(mgnlUser);
Hi Richard
Thanks for your input.
You're right, the order of execution is crucial. However I've moved everything
to a filter but that does not change much. The user is still not getting logged
in.
Maybe I'm thinking in too simple terms - all I need is a way to log in a
certain predefined magnolia user depending on a url parameter, which I thought
should not be that hard.
Any further input is appreciated.
Cheers, Thomas
On 05.03.2012, at 16:52, Unger, Richard wrote:
> Hi Thomas,
>
> It's not quite clear to me where you are calling this code.
>
> If you are calling this code within a Model class, or in a JSP Template, then
> it is probably "much too late".
>
> The authentication and login has to be performed early in the Filter-Chain
> (normally in the login-filter, and associated login-handlers).
>
> If you try to set the user only during rendering, it will be too late - ACL
> and URL permissions will already have been checked, the information for the
> anonymous user will have been set in aggregation state and context, leading
> to very different behavior than if the login were set during the login-filter.
>
> Regards from Vienna,
>
> Richard
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: [email protected]
> [mailto:[email protected]] Im Auftrag von Thomas Martin
> Gesendet: Montag, 05. März 2012 16:32
> An: Magnolia User-List
> Betreff: Re: [magnolia-user] How to instantiate a User to call
> MgnlContext.login(mgnlUser);
>
> Hi Jan
>
> Thanks for your reply.
>
> I'm not doing anything else. Basically I listen for a request parameter and
> would like to login a certain known magnolia user based on that. The user has
> based on it's role further access than anonymous.
>
> I do not get a stacktrace since no Exception is thrown.
>
> What happens is:
> - I access the page with anonymous user and trigger the mentioned code.
> - Thereby I loose the read right to everything and get presented the
> magnolia login form
>
> When calling System.out.println(MgnlContext.getUser().getName()); I can see
> the desired username, so basically it seems to have worked but still no
> access to the content is granted. (Users access right are tested through
> normal login).
>
> Any further help is appreciated.
> Cheers, Thomas
>
>
>
> On 05.03.2012, at 11:17, Jan Haderka wrote:
>
>> Hi Thomas,
>>
>> This way you get user logged in the context, that doesn't mean user is set
>> in session and it has all ACLs resolved. What else are you (not) doing? Can
>> you provide full stacktrace from the error you get?
>>
>> Cheers,
>> Jan
>>
>> On Mar 5, 2012, at 12:33 AM, Thomas Martin wrote:
>>
>>> Dear List
>>>
>>> I need a simple way to react on an external login mechanism.
>>>
>>> While digging through various requests to the list I found this gem, which
>>> would do exactly what I need:
>>>
>>> MgnlUser mgnlUser = (MgnlUser)
>>> SecuritySupport.Factory.getInstance().getUserManager().getUser(userI
>>> d
>>> ToLogin);
>>> MgnlContext.login(mgnlUser);
>>>
>>>
>>> Unfortunately it seems that the returned User is not fully instantiated and
>>> thus cannot login.
>>> Can someone give me a hint how to solve this?
>>>
>>> Thanks for any pointers!
>>> Cheers, Thomas
>>>
>>>
>>>
>>> ----------------------------------------------------------------
>>> For list details, see
>>> http://www.magnolia-cms.com/community/mailing-lists.html
>>> Alternatively, use our forums: http://forum.magnolia-cms.com/ To
>>> unsubscribe, E-mail to: <[email protected]>
>>> ----------------------------------------------------------------
>>
>>
>>
>>
>> ----------------------------------------------------------------
>> For list details, see
>> http://www.magnolia-cms.com/community/mailing-lists.html
>> Alternatively, use our forums: http://forum.magnolia-cms.com/ To
>> unsubscribe, E-mail to: <[email protected]>
>> ----------------------------------------------------------------
>>
>
>
>
> ----------------------------------------------------------------
> For list details, see
> http://www.magnolia-cms.com/community/mailing-lists.html
> Alternatively, use our forums: http://forum.magnolia-cms.com/ To
> unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
>
>
>
>
>
> ----------------------------------------------------------------
> For list details, see
> http://www.magnolia-cms.com/community/mailing-lists.html
> Alternatively, use our forums: http://forum.magnolia-cms.com/ To
> unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
>
----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe,
E-mail to: <[email protected]>
----------------------------------------------------------------
----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
