Check User's Password by providing clear text input?

掲示板

9年前に Christian Freihoff によって更新されました。

Check User's Password by providing clear text input?

Junior Member 投稿: 36 参加年月日: 12/12/03 最新の投稿

Hi at all,
I have an external webapp that pulls its users and roles from liferay (via UserLocalServiceUtil, what works fine). Additionally that application wants to forward screenname and password to liferay to check authentication. First case, with just comparing encrypted password, is no problem.

But in the second case the application sends a password field input (that means clear text) that has to be checked. I tried
UserLocalServiceUtil.authenticateByScreenName(companyId, screenName, password, null, null, null)
but this allway returns fail (-1). I thought, in this method the clear text password would be taken. Or am I doing some other mistake? May it be a problem to submit nulls instead of theses maps ( Map<String,String[]> headerMap, Map<String,String[]> parameterMap, Map<String,Object> resultsMap)?

Or does anyone know another way just to check a clear text password against the encrypted one in liferay? Is there really no localServiceUtil whith an encrypt(String cleartext) method?

9年前に Tomas Polesovsky によって更新されました。

RE: Check User's Password by providing clear text input?

Liferay Master 投稿: 676 参加年月日: 09/02/13 最新の投稿

Hi Christian,

does your application run inside the portal or you just use portal libraries to access the database?

Did you customize any of portal.properties related to login process? The configuration must match.

UserLocalServiceUtil#authenticateByScreenName should work, assuming you have correct companyId, screenName and password + authentication configuration.

There is no public encrypt(String cleartext). PwdEncryptor/PasswordEncryptorUtil is a private API.

9年前に Christian Freihoff によって更新されました。

RE: Check User's Password by providing clear text input?

Junior Member 投稿: 36 参加年月日: 12/12/03 最新の投稿

Hi Tomas,

Tomas Polesovsky:

does your application run inside the portal or you just use portal libraries to access the database?

That application is a regular (and autonomous) webapp which normally has nothing to do with liferay apart from the fact that it is running on the same tomcat. I am working on connecting it to liferay at some points. Classes like UserLocalServiceUtil are fortunately accessible.

Tomas Polesovsky:

Did you customize any of portal.properties related to login process? The configuration must match.

No, they should have the default.

Tomas Polesovsky:

UserLocalServiceUtil#authenticateByScreenName should work, assuming you have correct companyId, screenName and password + authentication configuration.

Should is also work when I leave the maps (Map<String,String[]> headerMap, Map<String,String[]> parameterMap, Map<String,Object> resultsMap) empty or null? If not, from where should these parameters be pulled?

9年前に Tomas Polesovsky によって更新されました。

RE: Check User's Password by providing clear text input?

Liferay Master 投稿: 676 参加年月日: 09/02/13 最新の投稿

Hi Christian,

one idea - could you instead use:

UserLocalServiceUtil.authenticateForBasic(companyId, authType, login, password)

9年前に Christian Freihoff によって更新されました。

RE: Check User's Password by providing clear text input?

Junior Member 投稿: 36 参加年月日: 12/12/03 最新の投稿

okay, got it now. The first method

userLocalService.authenticateByScreenName(companyId, screenName, password, null, null, null)

runs fine, i had a bug in another part of code. That method returns what is written in javadoc (1 if auth okay).

The other method

UserLocalServiceUtil.authenticateForBasic(companyId, authType, login, password)

also works. But not as written in the javadoc. It returns the userid if auth. is successful. Maybe someone should update that piece of documentation.

Thanks for Your help emoticon

9年前に Tomas Polesovsky によって更新されました。

RE: Check User's Password by providing clear text input?

Liferay Master 投稿: 676 参加年月日: 09/02/13 最新の投稿

Thanks for the javadoc tip! emoticon