Hi Ola,

As I mentioned in my previous post, I think the way to go is to use Magnolia's 
standard mechanisms, i.e. don't try to set the ACLs yourself, let Magnolia's 
code handle it for you.

Normally, the sequence is something like this:

LoginFilter calls each LoginHandler in turn.
The LoginHandler finds the user information (e.g. reads username/password from 
form parameters).
The LoginHandler sets this information in a Callback object for JAAS. Standard 
is the "CredentialsCallback", like this:

        CredentialsCallbackHandler callbackHandler =
                new PlainTextCallbackHandler(userid, pswd.toCharArray(), realm);

And then the login-handler calls the JAAS Authentication stack, as follows:

            return authenticate(callbackHandler, getJaasChain());

After that, JAAS handles the user login and authorization.

You could write your own LoginHandler, which reads your user-information from 
the request parameter, and sets up the CredentialsCallback as above.

Then, if your users are external to Magnolia, you have 2 ways to go after this:

1) Set up an external user manager which connects to your external user 
data-source to read users.
In this case you don't need to do any more work. If your ExternalUserManager is 
correctly set up (you can browse the users in Magnolia's users tree), the rest 
should then just work.

2) Create the External User "on the fly". Extend the JCRAuthenticationModule 
for JAAS, and instead of looking up the user, just create the user (as an 
ExternalUser) and add roles and groups as needed. The JCRAuthorizationModule 
should then pick up those roles and groups, and set up the ACLs correctly.

Regards from Vienna,

Richard



-----Original Message-----
From: [email protected] [mailto:[email protected]] 
On behalf of Ola Montan (via Magnolia Forums)
Sent: Friday, 14 September 2012 12:22
To: Magnolia User List
Subject: [magnolia-user] Re: How to instantiate a User to call 
MgnlContext.login(mgnlUser);

Can I jump in and ask a related question? I have a very similar problem, and 
am also trying to use MgnlContext.login. However, I have an external system to 
authenticate me and just want Magnolia to accept me and to set the correct 
roles for me. I have code looking like this in my own LoginHandler (simplified 
to always log in as "olamon" with role "superuser"):

                Map<String, String> properties = new HashMap<String, String>();
                properties.put( "name",     "olamon" );
                properties.put( "fullName", "Olas full name" );
                properties.put( "email",    "[email protected]" );
                properties.put( "language", "en" );

                RoleList roleList = new RoleListImpl();
                roleList.add( "superuser" );

                GroupList groupList = new GroupListImpl();

                User user = new ExternalUserManager().getUser( properties, groupList, roleList );

                PrincipalCollection aclList = new PrincipalCollectionImpl();
                aclList.setName( "PrincipalCollection" );
                RoleManager rm = new MgnlRoleManager();
                Map<String, ACL> acls = rm.getACLs( "superuser" );
                for (Entry<String, ACL> acl : acls.entrySet()) {
                        aclList.add( acl.getValue() );
                }

                Subject subject = new Subject();
                subject.getPrincipals().add( user );
                subject.getPrincipals().add( roleList );
                subject.getPrincipals().add( groupList );
                subject.getPrincipals().add( aclList );

                MgnlContext.login( subject );
                return new LoginResult( LoginResult.STATUS_SUCCEEDED, subject );

But I get basically the same result. The user is logged in, but the user doesn't 
seem to have any privileges at all.

Any idea what can be wrong?

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=78b2ea20-d914-4c9c-8c38-06db36bc5002


----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------




