4 Replies Latest reply on May 27, 2009 3:29 AM by kapitanpetko

    IdentityManager username case-insensitive

    mephisto
    mephisto May 26, 2009 4:27 PM

      Hi,


      I am using Seams new Identitymanager and I can't believe that I am the only one who wants to store and check his usernames without any case.


      I want that my users can log in with his username in any case. JohnDoe should validate as far as johndoe or jOhNDoE.


      What am I missing in my config or how do I have to override my JPAIdentityStore to create such a behavior?



      My first steps look like this:


      @Name("jpaIdentityStore")
@Install(precedence = Install.APPLICATION)
@Scope(ScopeType.APPLICATION)
@BypassInterceptors
@Startup
public class LowerCaseIdentityStore extends JpaIdentityStore {

    private static final long serialVersionUID = 1L;

    public LowerCaseIdentityStore() {
        super();
        setUserClass(NutzerKonto.class);
        setRoleClass(NutzerRolle.class);
    }

    @Logger
    Log log;
    
    @Override
    public boolean authenticate(String username, String password) {
        username = username.toLowerCase();
        log.info("authenticating " + username + " " + password);
        return super.authenticate(username, password);
    }   
}



      If I log in with JohnDoe I still get a NoSuchUserException: User JohnDoe not Found. I expected no Uppercase letters in this state.


      What am I doing wrong?


      greets


      Nico

      • 256 Views
      • Tags:
        • 1. Re: IdentityManager username case-insensitive
          kapitanpetko
          kapitanpetko May 26, 2009 5:16 PM (in response to mephisto)

          It will be a lot easier to normalize the username in your action class, before you pass it to Identity.

            • Actions
          • 2. Re: IdentityManager username case-insensitive
            mephisto
            mephisto May 26, 2009 5:23 PM (in response to mephisto)

            You say that instead of calling




            <h:commandButton value="Login" action="#{identity.login}"/>



            I have to create an Action that normalizes the Identity and pass it to identity.login



            something like that?




            @Name("myWonderfulLoginAction")
class myLoginAction() implements ... {
   (...)
   @In Identity identity;

   public login() {
      username = identity.getCredentials().getUsername().toLowerCase();
      identity.setCredentials(username);
      identity.login();
   }
}



            Sure it would be a way, but is there a nicer one?


            greets


            Nico

              • Actions
            • 3. Re: IdentityManager username case-insensitive
              mephisto
              mephisto May 26, 2009 5:28 PM (in response to mephisto)

              bulls***


              getCredentials.setUsername(username);

                • Actions
              • 4. Re: IdentityManager username case-insensitive
                kapitanpetko
                kapitanpetko May 27, 2009 3:29 AM (in response to mephisto)

                Nico Wollenzin wrote on May 26, 2009 17:23:


                You say that instead of calling



                <h:commandButton value="Login" action="#{identity.login}"/>



                I have to create an Action that normalizes the Identity and pass it to identity.login


                something like that?


                Yes, something like that. You will have to set the password to Credentials as well, though.



                Sure it would be a way, but is there a nicer one?


                IMHO, that's nicer than overriding IdentityStore. If want to do validation for your credentials
                and show messages (say, no space in username allowed), you are going to need a login action anyway.


                If you really want to override IdentityStore, you need to use the full name on your overriding component:


                @Name("org.jboss.seam.security.identityStore")




                  • Actions