Forums

Home » Liferay Portal » English » Liferay Legacy

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Johan Hedlund
Overriding the Liferay jaas authentication
October 13, 2006 4:00 AM
Answer

Johan Hedlund

Rank: New Member

Posts: 6

Join Date: September 29, 2006

Recent Posts

Hi,

I'm working on trying to override the LifeRay authentication to make it check the login info against our external server instead of its own database.

The system I'm using for liferay is jboss and tomcat.

I've created a loginmodule, and tried to make this replace the LifeRay standard one by simply replacing the lines in the jaas.config:

1PortalRealm {
2    com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
3};


has been replaced by:

1PortalRealm {
2   com.mytest.MyLoginModule required
3   debug=true
4};


This actually does cause my login module to be called when a login is attempted in liferay, but I have a number of problems/questions:

  1. Is this the correct way to override the LifeRay authentication?
  2. I assume that I should implement only the LoginModule, and not the callbackHandler, since liferay uses its own handler to get the username and password. Is this correct?
  3. When trying to access the username and password in my loginmodule, I don't get the same information that was entered in the login form! when entering test@liferay.com and test, I get something else for username and an encrypted password! How am I supposed to use this to authenticate against our server? I need the original information. How do I get this?
  4. I notice that my loginmodule is not even called unless the username entered in the login form exists in the liferay userbase. I don't want this behaviour. My plan was to check agains our external userbase and if the user exists there, then automatically create it in Liferay. Is it possible for me to do this?
  5. If I can get hold of the data that was actually entered in the form, I'd like to persist this so that I can use it to log in to other applications from portlets later on. I'd like to put this (using our own encryption) in the session, so that porlets can get it later. Can I get access to the session somehow from my loginhandler?


Phew! That was a lot of questions, but I'm a bit lost here, and can't find any information anywhere. I guess the next step would be to start going through the Liferay source code to try to figure out what is happening, but that feels slightly intimidating... emoticon

If any of you who read this know ANYTHING about any of the things I listed here, then please just put your thoughts down, even if it is just a "don't think that's possible".

Thank you

/Johan
Johan Hedlund
RE: Overriding the Liferay jaas authentication
October 13, 2006 6:00 AM
Answer

Johan Hedlund

Rank: New Member

Posts: 6

Join Date: September 29, 2006

Recent Posts

I think I understand now that I shouldn't be REPLACING the liferay login module, but just adding my login module as well, craeting a config file that looks life:

1
2PortalRealm {
3   com.mytest.MyLoginModule required
4   debug=true;
5   com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
6};


This seems to work fine if I hard-code username and passowrd into my own loginhandler. The user/pass retrieced from liferay are still not the ones I would expect though, and the other problems still persist as well... but now at least I can get into the portal! emoticon

Please still help with the other issues if you can...
Mika Koivisto
RE: Overriding the Liferay jaas authentication
October 15, 2006 2:38 AM
Answer

Mika Koivisto

LIFERAY STAFF

Rank: Liferay Legend

Posts: 1498

Join Date: August 7, 2006

Recent Posts

I have implemented a custom authentication by adding following lines to my portal-ext.properties

1auth.pipeline.pre=fi.javaguru.liferay.CustomAuthenticator
2auth.pipeline.enable.liferay.check=false


My custom authenticator implements com.liferay.portal.security.auth.Authenticator and the auth.pipeline.enable.liferay.check=false by passes liferay from checking the user password in its internal database. One thing your custom authenticator needs to do is add the user into the internal portal db if it's not there. I guess you could implement the Liferay service interfaces that manipulate user information in Liferay db to make it use your own database or ldap.
Johan Hedlund
RE: Overriding the Liferay jaas authentication
October 16, 2006 4:17 AM
Answer

Johan Hedlund

Rank: New Member

Posts: 6

Join Date: September 29, 2006

Recent Posts

Thanks!

I just stumbled across the Authenticator stuff myself, and they seem really promising. And now I guess I just need to find the right interfaces to implement... emoticon

Does one of them let me access the request/session?
Daniel Velázquez
RE: Overriding the Liferay jaas authentication
September 11, 2009 6:00 AM
Answer

Daniel Velázquez

Rank: New Member

Posts: 16

Join Date: September 8, 2009

Recent Posts

Hi
I'm trying to make login module but can not find informaciçon.
I could spend Customlogin MySpace Codes