Foren

Home » Liferay Portal » English » 3. Development

Kombinierte Ansicht Flache Ansicht Baumansicht
Threads [ Zurück | Nächste ]
toggle
Michael Bowman
Please Help - getRemoteUser
21. Dezember 2007 07:02
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

All,

Please help me with this. I have seen many posts on the forums about this issue, but nobody seems to have gotten it to work. If I'm going about this the wrong way, please let me know what I should be looking at instead.

The Problem
We're deploying a few portlets from a single war file named cds-ui. I can bring up the portlets fine and everything seems to work. However, when I make an Ajax call from one of the portlets, getRemoteUser() returns null. The Ajax call is to /cds-ui/foo/bar.action which is outside of the portal environment at that point.

What I've tried
I've uncommented the <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> line in server.xml and put "portal.jaas.enable=true" into my portal-ext.properties file. When I do this, I get an "unable to locate a login configuration" exception. I checked that I have a jaas config file and that catalina.bat is pointing to it (I'm using the stock tomcat 5.5 version of Liferay, so it was setup like that automatically).

Can anybody please help me with this? We *need* this to either work or find some sort of workaround or the project is doomed ;)

Maybe I have to do something with the cds-ui projects web.xml file or somehow enable my app to use this?

Thanks!
-Michael
Roman Hoyenko
RE: Please Help - getRemoteUser
27. Dezember 2007 08:35
Antwort

Roman Hoyenko

Rang: Liferay Master

Nachrichten: 868

Eintrittsdatum: 8. Oktober 2007

Neue Beiträge

Are you trying to get a user name in your Ajax call?

The workaround for me was passing the username as a parameter of the Ajax call.
Michael Bowman
RE: Please Help - getRemoteUser
2. Januar 2008 05:59
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

Yes, part of this is so that I can have a user for an ajax request. But also, I have some stand-alone, non-portal pages that need a user as well.

No, I cannot pass the username as a parameter on the request. ;)

Thanks for the help! Any other ideas?

-Michael
Roman Hoyenko
RE: Please Help - getRemoteUser
3. Januar 2008 14:45
Antwort

Roman Hoyenko

Rang: Liferay Master

Nachrichten: 868

Eintrittsdatum: 8. Oktober 2007

Neue Beiträge

Well, outside of the portal there is no notion of the user, so you can't get the user name. The only way to get it is to pass it as a parameter.
Michael Bowman
RE: Please Help - getRemoteUser
7. Januar 2008 05:31
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

Then what is the point of the SingleSignOn valve or the jaas stuff? I thought it was so I could authenticate users from a webapp other than ROOT...

Thanks,
-Michael
Michael Bowman
RE: Please Help - getRemoteUser
7. Januar 2008 05:33
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

Maybe there is another way...

I can get the username after the user has logged in via the LOGIN cookie. If I don't use the getRemoteUser call and decide to go this route instead, how can I tell if a specific LOGIN value is actually logged in? (The LOGIN cookie sticks around after the user logs out).

Thanks,
-Michael
Roman Hoyenko
RE: Please Help - getRemoteUser
7. Januar 2008 08:14
Antwort

Roman Hoyenko

Rang: Liferay Master

Nachrichten: 868

Eintrittsdatum: 8. Oktober 2007

Neue Beiträge

Ok, may be you can do something emoticon

Please read this topic:

http://www.liferay.com/web/guest/community/forums/message_boards/message/364813
Ray Augé
Re: [Liferay Forums][3. Development]RE: Please Help - getRemoteUser
7. Januar 2008 08:30
Antwort

Ray Augé

LIFERAY STAFF

Rang: Liferay Legend

Nachrichten: 1171

Eintrittsdatum: 7. Februar 2005

Neue Beiträge

> Maybe there is another way...
>
> I can get the username after the user has logged in via the LOGIN cookie. If I don't use the getRemoteUser call and decide to go this route instead, how can I tell if a specific LOGIN value is actually logged in? (The LOGIN cookie sticks around after the user logs out).

I've just created a new servlet filter to be used by external servlets
(those in portlet wars for example) which will allow them to be
authorized by the portal. It's extremely simply to use.

It has been checked into trunk and has been backported to 4.4.x (but
it's pretty clean and you could easily patch an earlier release).

Look at the recent changes to:

http://lportal.svn.sourceforge.net/lportal/?rev=12619&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/action/LoginAction.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/action/LogoutAction.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalUtil.java


http://lportal.svn.sourceforge.net/lportal/?rev=12631&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/external/

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/external/ServletAuthorizingFilter.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/servletauthorizing/

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/servlet/filters/servletauthorizing/ServletAuthorizingFilter.java

http://lportal.svn.sourceforge.net/lportal/?rev=12638&view=rev

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalInstances.java

portal/branches/4.4.x/portal-impl/src/com/liferay/portal/util/PortalUtil.java

For example, you would add this in your portlet war's web.xml:

 1    <filter>
 2        <filter-name>Auto Login Filter</filter-name>
 3
 4<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
 5        <init-param>
 6            <param-name>filter-class</param-name>
 7
 8<param-value>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</param-value>
 9        </init-param>
10    </filter>
11    <filter>
12        <filter-name>Servlet Authorizing Filter</filter-name>
13
14<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
15        <init-param>
16            <param-name>filter-class</param-name>
17
18<param-value>com.liferay.portal.servlet.filters.servletauthorizing.ServletAuthorizingFilter</param-value>
19        </init-param>
20    </filter>
21    <filter-mapping>
22        <filter-name>Auto Login Filter</filter-name>
23        <url-pattern>/my_servlet/*</url-pattern>
24    </filter-mapping>
25    <filter-mapping>
26        <filter-name>Servlet Authorizing Filter</filter-name>
27        <url-pattern>/my_servlet/*</url-pattern>
28    </filter-mapping>


Done! Now calls like req.getRemoteUser() "should" work. emoticon

Actually, the more people test this the better...
Michael Bowman
RE: Re: [Liferay Forums][3. Development]RE: Please Help - getRemoteUse
29. Januar 2008 11:40
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

First of all, thanks for your help!

I went ahead and upgraded to Liferay 4.4.0. I tried putting the changes you mentioned above in my web.xml and at first everything seemed to work. I getRemoteUser returns the correct user now, but I'm getting weird hibernate exceptions. If I take the filter mappings out of my web.xml file everything goes back to working. (The exact exception is a ClassCast exception: "org.hibernate.hql.ast.HqlToken cannot be cast to antlr.Token")

I can't figure out why the filter would cause that error.

The only place I deviated from your instructions was that I am hitting a struts application for these ajax calls, not a servlet. So the url pattern I used was /* instead of my_servlet/* ...

Any ideas?

Thanks again!
-Michael
Michael Bowman
RE: Re: [Liferay Forums][3. Development]RE: Please Help - getRemoteUse
29. Januar 2008 13:23
Antwort

Michael Bowman

Rang: New Member

Nachrichten: 11

Eintrittsdatum: 25. Juni 2007

Neue Beiträge

Nevermind that last post... I had a few different problems going on there. First, I didn't have portal.jaas.enable=true in my portal-ext.properties file and then I had to edit catalina.bat to use back slashes instead of forward slashes so tomcat could find jaas.config.

After I fixed that, it worked like a charm. I have a non-portal page that is deployed with my portlets that I can get to just fine. Plus, now all of my ajax calls have a user associated with them!!! :-D :-D :-D

The only problem I've found is that after I reboot tomcat, and try to go to "http://localhost:8080/user/joebloggs/home", I get forwarded to /c/portal/protected and get an "HTTP Status 403 - Access to the requested resource has been denied" tomcat error page. If I try again though, I get through to the joebloggs home page and I am logged in.

Any ideas?

Thanks again for your help! That patch was sorely needed!
-Michael