Foren

Home » Liferay Portal » English » 3. Development

Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
Karthik Baskaran
Problems with AutoLogin
8. November 2012 03:13
Antwort

Karthik Baskaran

Rang: Junior Member

Nachrichten: 32

Eintrittsdatum: 3. Mai 2012

Neue Beiträge

Hi All,

I have implemented AutoLogin in Liferay 6.0.1. My use-case is to validate the user id which is set in http header (authenticated by an external ldap) and then automtically login the user into liferay without validating the users credentials (password). The code works fine, however I was not able to logout after AutoLogin and also not able to login directly into liferay. Below is my code...

 1public class AutoLoginAction implements AutoLogin {
 2
 3    public String[] login(HttpServletRequest request,
 4            HttpServletResponse response) throws AutoLoginException {
 5        String[] credentials = new String[3];
 6        String screenName = null;
 7        String role = null;
 8        long userId = 0;
 9        long companyId = 0;
10
11        screenName = request.getHeader("REMOTE_USER");
12        role = request.getHeader("REMOTE_USER_ROLE");
13       
14        HttpSession httpSession = request.getSession();
15        httpSession.setAttribute("USER_ROLE", role);
16
17        try {
18            Company company = CompanyLocalServiceUtil.getCompanyByWebId("liferay.com");
19            Role adminRole = RoleLocalServiceUtil.getRole(company.getCompanyId(), "Administrator");
20            List<User> adminUsers = UserLocalServiceUtil.getRoleUsers(adminRole.getRoleId());
21            PermissionChecker permissionChecker = PermissionCheckerFactoryUtil.create(adminUsers.get(0), true);
22            PermissionThreadLocal.setPermissionChecker(permissionChecker);
23
24            companyId = company.getCompanyId();
25            userId = UserServiceUtil.getUserIdByScreenName(companyId, screenName);
26        } catch (Exception e) {
27            e.printStackTrace();
28        }
29
30        credentials[0] = String.valueOf(userId);
31        credentials[1] = "undefined";
32        credentials[2] = Boolean.FALSE.toString();
33
34        return credentials;
35    }
36}


liferay-hook.xml
1<hook>
2    <portal-properties>portal.properties</portal-properties>
3</hook>


portal.properties
1auto.login.hooks=com.login.AutoLoginAction


Thanks
Karthik
Siby Mathew
RE: Problems with AutoLogin
8. November 2012 05:43
Antwort

Siby Mathew

Rang: Expert

Nachrichten: 261

Eintrittsdatum: 4. März 2011

Neue Beiträge

Hi Karthik,
You can create a LogoutFilter for this.
Create a class extending com.liferay.portal.kernel.servlet.BaseFilter
Override processFilter() method and do a session invalidate :
1 @Override
2    protected void processFilter(final HttpServletRequest request, final HttpServletResponse response,
3            final FilterChain filterChain) throws Exception {
4         request.getSession().invalidate();
5}


Add the following in your liferay-hook.xml

 1    <servlet-filter>
 2        <servlet-filter-name>My Logout Filter</servlet-filter-name>
 3        <servlet-filter-impl>com.mycompany.portal.servlet.filters.MyLogoutFilter</servlet-filter-impl>
 4    </servlet-filter>
 5    <servlet-filter-mapping>
 6        <servlet-filter-name>My Logout Filter</servlet-filter-name>
 7        <url-pattern>/c/portal/logout</url-pattern>
 8        <dispatcher>FORWARD</dispatcher>
 9        <dispatcher>REQUEST</dispatcher>
10    </servlet-filter-mapping>



Hope that helps !

Thanks,
Siby Mathew
Karthik Baskaran
RE: Problems with AutoLogin
8. November 2012 06:00
Antwort

Karthik Baskaran

Rang: Junior Member

Nachrichten: 32

Eintrittsdatum: 3. Mai 2012

Neue Beiträge

Hi,

I tried the filter approach. Now i get a blank page on clicking the logout link in liferay. So not able to test the other issue i had of trying to login normally into liferay.

Thanks
Karthik
Bart Simpson
RE: Problems with AutoLogin
8. November 2012 06:16
Antwort

Bart Simpson

Rang: Liferay Master

Nachrichten: 524

Eintrittsdatum: 29. August 2011

Neue Beiträge

You were able to logout , but since the autologin gets called a number of time in a request, your code
1screenName = request.getHeader("REMOTE_USER");
find the screenName and logs the user in again.
So you probably have to think of a better approach on how to achieve this.
Siby Mathew
RE: Problems with AutoLogin
8. November 2012 06:20
Antwort

Siby Mathew

Rang: Expert

Nachrichten: 261

Eintrittsdatum: 4. März 2011

Neue Beiträge

Hi Karthik,
Can you try adding a response.sendRedirect(yourloginpage) to the method ?

Thanks,
Siby
Karthik Baskaran
RE: Problems with AutoLogin
8. November 2012 06:46
Antwort

Karthik Baskaran

Rang: Junior Member

Nachrichten: 32

Eintrittsdatum: 3. Mai 2012

Neue Beiträge

Yes adding response.sendRedirect(yourloginpage) to the LogoutFilter did the trick.

Thanks
Karthik
Siby Mathew
RE: Problems with AutoLogin
8. November 2012 06:47
Antwort

Siby Mathew

Rang: Expert

Nachrichten: 261

Eintrittsdatum: 4. März 2011

Neue Beiträge

Great Karthik !
Please mark as answer and change title to SOLVED.

Thanks,
Siby
Karthik Baskaran
RE: Problems with AutoLogin
8. November 2012 20:19
Antwort

Karthik Baskaran

Rang: Junior Member

Nachrichten: 32

Eintrittsdatum: 3. Mai 2012

Neue Beiträge

Hi Simpson,

Bart Simpson:
You were able to logout , but since the autologin gets called a number of time in a request, your code
1screenName = request.getHeader("REMOTE_USER");
find the screenName and logs the user in again.
So you probably have to think of a better approach on how to achieve this.


Can you suggest me a feasible approach to this ?

Thanks
Karthik
Karthik Baskaran
RE: Problems with AutoLogin
13. November 2012 21:11
Antwort

Karthik Baskaran

Rang: Junior Member

Nachrichten: 32

Eintrittsdatum: 3. Mai 2012

Neue Beiträge

Hi All,

Can any one please suggest me a better approach to this problem ?

Thanks
Karthik
Bart Simpson
RE: Problems with AutoLogin
14. November 2012 01:19
Antwort

Bart Simpson

Rang: Liferay Master

Nachrichten: 524

Eintrittsdatum: 29. August 2011

Neue Beiträge

If you have to do it via a header value, may be you could set another parameter in request or session once you are done with logout, and each autologin could check this value if present then don't login.
Another approach could be to use the cookies for pass the 'remote user' and then remove cookie on logout (perhaps in properties hook for logout.events.pre=)

Let me know if you need any help in following these.