4 Replies Latest reply on May 14, 2008 8:41 AM by sebgerpb

    Custom Login Module - Login Link

    ai77

      Hi,
      I've been reading posts on custom login authentication for days and I managed to get to an almost working login mechanism, but I'm now stuck with a problem for which I couldn't find a solution in any of the prev posts.
      Here's my situation: I'm using jboss portal bundle 2.6.4 and I need to authenticate my users via a Web Service (which I already have and it's working fine).
      I created my own custom login module which looks more or less like NM-156's in this post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4088974#4088974%20(403%20dashboard), except for the authentication bit which relies on the web service login call.
      I've changed my jboss-portal-2.6.4\server\default\deploy\jboss-portal.sar\conf\login-config.xml to include my own "login-module".
      I log in the portal from the login link on the top right corner of the default installation portal page and if I use user "admin" which is both available in jboss and in my web service, everything works fine.
      If instead I try with a user that is only recognized by my web service, albeit the custom login module is called and the log in works fine (if I get the request.getUserPrincipal() from a portlet I get the correct name of the logged in user), the link "login" on the top-right corner of the portal is still there! And my page has been redirected to /portal/auth/portal/ so I don't understand why I don't see the "Dashboard | Admin | Logout" links. Also the "current users" portlet says that I'm logged-in.
      I'm sure I'm missing something really stupid, but any help would be greatly appreciated.

        • 1. Re: Custom Login Module - Login Link
          sebgerpb

          Hi ai77,

          I have the same problem. Did you solve this one in the meantime? If yes, can you tell me how to fix it?

          • 2. Re: Custom Login Module - Login Link
            sebgerpb

            I further investigated this issue. It seems to me like this has something to do with using a custom principal in the custom login module.

            If I override the commit()-method of AbstractServerLoginModule and only return true, JBoss Security Manager doesnt make use of my custom principal, but I can see the links for Dashboard and Logout on the top right corner.
            Otherwise, if I do not override the commit()-method, my custom prinicpal is used by the Security Manager and I can access it in my portlet. But in this case, the Login-Link doesn't disappear.

            Has anyone here had similar problems?

            • 3. Re: Custom Login Module - Login Link
              ai77

              The problem is that the user has to exist in both my database/WS and the jboss-portal database. If it is so, everything works fine, my custom-login-module is called and i see the links on top of the page. Note that the user in the jboss DB just needs to have the same login (password and other info can be different). If you think about it, it makes sense as there are lots of things associated to that user that are jboss specific, as permissions, dashboard, pages, own portals... but it's still a pain.
              The problem now is to keep the two databases synchronized. If inserting users through the jboss user management portlet, i thought I could override its WF jbp_identity_validation_approval_workflow (see identity-ui-configuration.xml) to call my Web Service to insert the user in my DB as well. I haven't gone so far yet, but if somebody has done it, please let me know!
              I didn't override the commit method in my custom login.

              • 4. Re: Custom Login Module - Login Link
                sebgerpb

                Hi ai77,

                if I unterstand the docs correctly, the synchronization of the two databases can be done by the SynchronizingLoginModule (at least for the JBoss part). It is described here: http://docs.jboss.com/jbportal/v2.6.4/referenceGuide/html/authentication.html#authentication.synchronizing_login_module

                You can also turn off the Jboss IdentityModule in login-config.xml, or mark it as optional. Then you won't have to mess around with two databases (but I'm not sure what will happen to JBoss specific functions then).

                I already tried logging in with a user that exists in the portal database as well as on the remote server I have to authenticate to, but it's still the same problem. But you said it worked out for you, so I will give it another try.