From: Richard Hirsch
To: esme-dev@incubator.apache.org
Date: Sat, 9 Jan 2010 18:19:48 +0100
Subject: Re: Container-based authentication

Played further with the Container-based AuthModule and got a little farther. Can't compile the code based on my limited Scala knowledge but I hope you see what I'm trying to achieve.

You'll notice that I left the ModuleName with "upw". I've done this, because I'd assume that the api2 could be used to create the users. A moduleName with "container" wouldn't make much sense.

I also don't know what to do with "case Req("authentication" :: "login" :: Nil, _, PostRequest) =>", because it refers to a specific login page which we won't have if we had container-based authentication.

Maybe someone can give me a tip where my Scala mistakes are....

object ContainerAuthModule extends AuthModule {
  def moduleName: String = "upw"

  def performInit(): Unit = {
    LiftRules.dispatch.append {
      case Req("authentication" :: "login" :: Nil, _, PostRequest) =>
        val from = S.referer openOr "/"

        (for {
          java.security.Principal principal = S.Request.getUserPrincipal();
          if(principal != null) {
            String username = principal.getName();
            user <- UserAuth.find(By(UserAuth.authKey, username),
                                  By(UserAuth.authType, moduleName)).flatMap(_.user.obj) or
              User.find(By(User.nickname, username))
            userAuth <- UserAuth.find(By(UserAuth.user, username),
                                      By(UserAuth.authType, moduleName))
          }
          if true
        } yield user) match {
          case Full(user) =>
            User.logUserIn(user)
            S.notice(S.?("base_user_msg_welcome", user.niceName))

          case _ =>
            S.error(S.?("base_user_err_unknown_creds"))
        }

        S.redirectTo(from)
    }
  }

On Fri, Jan 8, 2010 at 4:12 PM, Richard Hirsch wrote:
> On Fri, Jan 8, 2010 at 3:38 PM, Daniel Koller wrote:
>> ...only a short remark: that would also ease the task to enable Win NT
>> authentication. (because NT auth is then just a matter of container
>> configuration).
>> AFAIK there are recipes already how to make it work on Tomcat.
>>
>> However we should look what this means for the task of role management.
>
> We are waiting for LDAP to come to Lift before moving more in this
> direction. But you might also want to take a look at Ethan's work
> regarding the admin role. In the threads discussing his work, we also
> talked about groups / roles...
>>
>> Kind regards,
>>
>> Daniel
>>
>> On 8 Jan 2010 at 1:33 PM, "Richard Hirsch" wrote:
>>
>> Been thinking a lot about container based authentication - primarily,
>> because of my interest in the CAS integration which is necessary for
>> an OFBiz integration (search for OFBizCasAuthenticationHandler.java
>> class for details)
>>
>> Here are a few thoughts.
>>
>> In J2EE, the way to get the user is via the following code:
>>
>>  java.security.Principal principal = request.getUserPrincipal();
>>   if(principal != null) {
>>       String username = principal.getName();
>>       // etc.
>>   }
>>
>> If we used the UserPwdAuthModule in UserAuth.scala as a basis, we
>> could use the following code combined with the code above to get the
>> user:
>>
>>           user <- UserAuth.find(By(UserAuth.authKey, name),
>>                                 By(UserAuth.authType, moduleName)).flatMap(_.user.obj) or
>>           User.find(By(User.nickname, name))
>>
>> We could use the S object in Lift to get the request and then get
>> the UserPrincipal.  Probably with "S.request"
>>
>> The only thing I don't know is how to make this Container-based authmodule
>> be the default that works without a UI that implicitly calls it.
>>
>> One idea is to remove the following lines from Boot.scala
>>   UserAuth.register(UserPwdAuthModule)
>>   UserAuth.register(OpenIDAuthModule)
>>
>> and replace them with
>>  UserAuth.register(ContainerAuthModule)
>>
>>
>> Anyone have any ideas / thoughts?
>>
>> D.
>>
>
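
Added example, not part of the original thread or the ESME code base: the principal lookup described above, written as a Scala for-comprehension in which the container's nullable Principal is wrapped in an Option before it is used as a generator. Assumptions: Option stands in for Lift's Box, and the User/UserAuth case classes, the in-memory lists and the ContainerAuthSketch object are constructed stand-ins for ESME's mapper classes and database.

```scala
import java.security.Principal

// Constructed stand-ins for ESME's User and UserAuth records (hypothetical shapes).
case class User(id: Long, nickname: String)
case class UserAuth(userId: Long, authType: String, authKey: String)

object ContainerAuthSketch {
  val moduleName = "upw" // same module name the post keeps

  // Constructed sample data standing in for the database.
  val users = List(User(1, "alice"), User(2, "bob"))
  val auths = List(UserAuth(1, "upw", "alice@example.org"))

  // The container hands back null for an unauthenticated request;
  // Option(...) turns that null into None so it can drive a for-comprehension.
  def principalName(p: Principal): Option[String] =
    Option(p).flatMap(pr => Option(pr.getName)).map(_.trim).filter(_.nonEmpty)

  // Mirrors the lookup in the post: auth record by (authKey, authType) first,
  // then fall back to a user whose nickname equals the principal name.
  def findUser(name: String): Option[User] =
    auths.find(a => a.authKey == name && a.authType == moduleName)
      .flatMap(a => users.find(_.id == a.userId))
      .orElse(users.find(_.nickname == name))

  // Inside for { ... } every step is a generator (<-), a guard or a value
  // definition; Java-style declarations and if-blocks do not parse there.
  def resolve(p: Principal): Option[User] =
    for {
      name <- principalName(p)
      user <- findUser(name)
    } yield user

  // Helper to build a Principal for the sample calls below.
  def principal(n: String): Principal = new Principal { def getName(): String = n }

  def main(args: Array[String]): Unit = {
    println(resolve(principal("alice@example.org"))) // matched through the auth record
    println(resolve(principal("bob")))               // matched through the nickname fallback
    println(resolve(principal("mallory")))           // known to the container, unknown locally
    println(resolve(null))                           // unauthenticated request
  }
}
```

The last two calls yield no user, which corresponds to the `case _ =>` branch in the post: a principal that the container accepted but that has no local record must not be logged in.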