Foren

Liferay with Glassfish - Custom Container Authentication

thumbnail
Freddy2809 Freddy2809, geändert vor 15 Jahren.

Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 46 Beitrittsdatum: 08.01.06 Neueste Beiträge
Hi,

currently I'm trying to integrate my own custom authentication mechanism into Liferay. I have my own JAAS-based authentication framework which is plugged into the Glassfish container. This auth. framework uses a ServletFilter for triggering the authentication process in the container.

I've done the following to integrate my auth. framework in Liferay:
- add my Auth-ServletFilter to the Liferay web.xml (protected url-pattern /* )
- wrote my own AutoLogin class and described it in portal-ext.properties

Unfortunately, after a login (against my auth. framework) I get the following exception from Liferay:

15:31:17,875 ERROR [MainServlet:614] com.liferay.portal.NoSuchUserException: No User exists with the primary key 1
com.liferay.portal.NoSuchUserException: No User exists with the primary key 1
at com.liferay.portal.service.persistence.UserPersistenceImpl.findByPrimaryKey(UserPersistenceImpl.java:319)
at com.liferay.portal.service.impl.UserLocalServiceImpl.getUserById(UserLocalServiceImpl.java:1143)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:301)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy102.getUserById(Unknown Source)
at com.liferay.portal.service.UserLocalServiceUtil.getUserById(UserLocalServiceUtil.java:542)
at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:595)

It seems so that the getRemoteUser() call in MainServlet is the problem. If a remote user is available Liferay tries to resolve this user against the database. In my case such a remote user is available from the request because I've already logged into the container. However this user does not exist in the liferay database, because my AutoLoginModule is not called yet.

Does anybody have any suggestions to solve this issue? Thx a lot.
Beppe Catanese, geändert vor 15 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

New Member Beiträge: 4 Beitrittsdatum: 04.09.08 Neueste Beiträge
Hello Frederik

we encountered the same problem using Liferay with Oracle SSO.
After building the custom handler, configuring the portal-ext.properties and re-deploying the new war we could see Liferay
wasn't calling our custom autologin module.
We traced the error back to com.liferay.portal.servlet.filters.autologin.AutoLoginFilter around line 162. Basically the filter
checks if getRemoteUser returns null, if it is not null then it doens't invoke any of the autologin modules.
In our case Oracle SSO sets the REMOTE_USER with the username (eg GCATANES)...so Liferay would never call the custom
autologin we have implemented.

Solution: well, we amended Liferay source:

// if ((remoteUser == null) && (jUserName == null)) { OLD LINE REPLACED WITH BELOW
if (jUserName == null) {
for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
AutoLogin autoLogin = (AutoLogin)InstancePool.get(
autoLoginHook);

After the change above we successfully logged in.

We now hit a different problem: we can access the different pages/sections but anytime we try to change content (add message, add category...) we get com.liferay.portal.NoSuchUserException: No User exists with the primary key 0.
Again investigating this we found out that Liferay expects the userid (long) in getRemoteUser, which instead contains the username
GCATANES. I will create a new thread for this.

Ciao
Beppe

ps
We didn't need to create our own Auth-ServletFilter
thumbnail
Frederik Weishäupl, geändert vor 15 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 46 Beitrittsdatum: 08.01.06 Neueste Beiträge
Hello Beppe,

thx a lot for your answer. To solve the issue I performed a similar solution approach. I've also changed the the MainServlet.java, so the AutoLogin is perfomed before the first getRemoteUser call.

I've also solved the problem com.liferay.portal.NoSuchUserException: No User exists with the primary key 0.
In MainServlet I set the userId variable explicitly after login :

...
				// Pre login events

				EventsProcessor.process(
					PropsKeys.LOGIN_EVENTS_PRE, PropsValues.LOGIN_EVENTS_PRE,
					request, response);

				// User

				/**
				 * Begin Custom
				 * extension---------------------------------------------------------------------------------
				 */
				User user = UserLocalServiceUtil.getUserByScreenName(companyId,
						screenName);
				userId = user.getUserId();

				PrincipalThreadLocal.setName(userId);
				/**
				 * End Custom
				 * extension---------------------------------------------------------------------------------
				 */
...


After this change everything works fine for me emoticon However it would be nice if the issue could be addressed in a next Liferay release.

Regards,
Frederik
Beppe Catanese, geändert vor 15 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

New Member Beiträge: 4 Beitrittsdatum: 04.09.08 Neueste Beiträge
Hi
eventually I had fixed the problem in the same way (changing MainServlet). It is now working for us too.

I have created another post for this problem: looking at the code it is not really clear (to me) what's going on in the
MainServlet class. It looks (if I remember well) the class first gets the userId (long) and stores it into the PrincipalThreadLocal...
but then it gets the REMOTE_USER and, if not null, stores this information in the PrincipalThreadLocal. This obviously creates
a problem later on when Liferay expects the userId (long) to perform the user authorisation.
No reply for Liferay people yet though emoticon

Ciao
Beppe
thumbnail
Frederik Weishäupl, geändert vor 15 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 46 Beitrittsdatum: 08.01.06 Neueste Beiträge
Hi,

for your information: I opened a JIRA request (http://support.liferay.com/browse/LEP-7712) regarding this issue.

Regards,
Frederik
thumbnail
Gaspare Provenzano, geändert vor 14 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 27 Beitrittsdatum: 06.06.07 Neueste Beiträge
Hi all,

I got the same exception, also after the patch in the MainServlet. I'm using Liferay version 5.2.2.

I can login using JAAS and access my communities, but some configuration actions do not work. For example, I get

WARN [PortalImpl:2860] Current URL /dash/c/layout_management/update_page generates exception: No User exists with the primary key 0

ERROR [jsp:165] com.liferay.portal.NoSuchUserException: No User exists with the primary key 0

every time I try to add a page or add a community.

Any idea?

Thanks,
Gaspare Provenzano
thumbnail
Gaspare Provenzano, geändert vor 14 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 27 Beitrittsdatum: 06.06.07 Neueste Beiträge
Hi all,

I found the problem: the screen name was used at the second invocation of the MainServlet, so the previous patch is not run except for the first time. So, apply the previous suggested patch of this forum thread AND this one (for JAAS):



if ((userId > 0) || (remoteUser != null)) {

			// Set the principal associated with this thread

			String name = String.valueOf(userId);

			/**
			* Begin Custom
	                 
			if (remoteUser != null) {
				name = remoteUser;
			}
			
			End Custom
			*/

			PrincipalThreadLocal.setName(name);
		}

thumbnail
Younis Alomoush, geändert vor 14 Jahren.

RE: Liferay with Glassfish - Custom Container Authentication

Junior Member Beiträge: 40 Beitrittsdatum: 04.06.09 Neueste Beiträge
Dear Gaspare,

I am trying to integrate Liferay with Oracle SSO. I follwoed the following steps:

1. configure the $ORACLE_HOME/Apache/Apache/conf/httpd.conf by adding the following
ProxyPass /portal/ http://liferayserver:port/
ProxyPass /portal http://liferayserver:port/
ProxyPassReverse /portal/ http://liferayserver:port/
ProxyPassReverse /portal http://liferayserver:port/

2.configure the $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf by adding the following:
<Location /myapp>
require valid-user
AuthType Basic
</Location>
<Location /myapp*>
require valid-user
AuthType Basic
</Location>

3. write the OracleSSOFilter and OracleSSOAutoLogin module.

as a result the intgration worked fine except that the CSS of the Liferay lost. How can I resolve this problem.

Note:The SSO server and Liferay are in different servers.

Thanks--
Younis