incubator-esme-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Hirsch <hirsch.d...@gmail.com>
Subject Re: Container-based authentication
Date Sat, 09 Jan 2010 17:19:48 GMT
Played further with the Container-based AuthModule and got a little
farther. Can't compile the code based on my limited Scala knowledge
but I hope you see what I'm trying to achieve.

You'll notice that I left the ModuleName with "upw". I've done this,
because I'd assume that the api2 could be used to create the users. A
moduleName with "container" wouldn't make much sense.

I also don't know what do do with "case Req("authentication" ::
"login" :: Nil, _, PostRequest) =>", because it refers to a specific
login page which we won't have if had container-based authentication.

Maybe someon can give me a tip where my Scala mistakes are....

object ContainerAuthModule extends AuthModule {

  def moduleName: String = "upw"

  def performInit(): Unit = {
    LiftRules.dispatch.append {
      case Req("authentication" :: "login" :: Nil, _, PostRequest) =>
        val from = S.referer openOr "/"

        (for {
            java.security.Principal principal = S.Request.getUserPrincipal();
            if(principal != null) {
                 String username = principal.getName();

                  user <- UserAuth.find(By(UserAuth.authKey, username),
                                  By(UserAuth.authType,
moduleName)).flatMap(_.user.obj) or
                  User.find(By(User.nickname, username))

                  userAuth <- UserAuth.find(By(UserAuth.user,
username), By(UserAuth.authType, moduleName))
            }
            if true
          } yield user) match {
          case Full(user) =>
            User.logUserIn(user)
            S.notice(S.?("base_user_msg_welcome", user.niceName))

          case _ =>
            S.error(S.?("base_user_err_unknown_creds"))
        }

        S.redirectTo(from)
    }
  }


On Fri, Jan 8, 2010 at 4:12 PM, Richard Hirsch <hirsch.dick@gmail.com> wrote:
> On Fri, Jan 8, 2010 at 3:38 PM, Daniel Koller <dakoller@googlemail.com> wrote:
>> ...only a short remark: that would also ease the task to enable Win NT
>> authentication. (because NT auth is then just a matter of container
>> configuration).
>> AFAIK there recipes already how to make it work on Tomcat.
>>
>> However we should look what this means for the task of role management.
>
> We are waiting for LDAP to come to Lift before moving more in this
> direction. But you might also want to take a look at Ethan's work
> regarding the admin role. In the threads discussing his work, we also
> talked about groups / roles...
>>
>> Kind regards,
>>
>> Daniel
>>
>> 8. Jan 2010 1:33 nachm. schrieb am "Richard Hirsch" <hirsch.dick@gmail.com>:
>>
>> Been thinking a lot about container based authentication - primarily,
>> because of my interest in the CAS integration which is necessary for
>> an OFBiz integration (search for OFBizCasAuthenticationHandler.java
>> class for details)
>>
>> Here a few thoughts.
>>
>> in J2EE, the way to get the user is via the following code:
>>
>>  java.security.Principal principal = request.getUserPrincipal();
>>   if(principal != null) {
>>       String username = principal.getName();
>>       // usw. usf.
>>   }
>>
>> If we used the UserPwdAuthModule in UserAuth.scala as a basis, we
>> could use the following code combined with the code above to get the
>> user:
>>
>>           user <- UserAuth.find(By(UserAuth.authKey, name),
>>                                 By(UserAuth.authType,
>> moduleName)).flatMap(_.user.obj) or
>>           User.find(By(User.nickname, name))
>>
>> We could take use the S object in lift to get the request and then get
>> the UserPrincipal.  Probably with "S.request"
>>
>> The only I don't know is how to make this Container-based authmodule
>> be the default that works without a UI that implicitly calls it.
>>
>> One idea is to remove  the following lines from Boot.scala
>>   UserAuth.register(UserPwdAuthModule)
>>   UserAuth.register(OpenIDAuthModule)
>>
>> and replace them with
>>  UserAuth.register(ContaionerAuthModule)
>>
>>
>> Anyone have any ideas / thoughts?
>>
>> D.
>>
>

Mime
View raw message