5 Replies Latest reply on Sep 10, 2007 1:36 PM by Brendan Farragher

    HOWTO: Replace portal authentication and authorization

    Arnie Morein Novice

      I need to replace the portal's internal methods with a custom class we wrote internally. Though LDAP is used to authentication, the base functions aren't detailed enough for our needs. Authorization is done based on data from a database.

      I know I'm supposed to implement UserModule and RoleModule but I cannot find any documentation on how to do that. The JavaDoc's show classes such as org.jboss.portal.core.impl.user.UserModule and *.Impl but I cannot descend that class as its not in any of the jars under the portal.sar/lib folder.

      What are the fully qualified class names and what jar's are they supposed to be in? A URL to a document detailing how to make the portal use these new classes would be much appreciated. Esp since I'll probably have to create my own login and registration portlets.

      Thanks!

        • 1. Re: HOWTO: Replace portal authentication and authorization
          Thomas Heute Master

          The classes are part of the 'identity' module.

          • 2. Re: HOWTO: Replace portal authentication and authorization
            David Roberts Apprentice

            I had some issues when enabling LDAP authentication using JBoss Portal 2.4.1. The authentication worked, but the securities did not. This is what I ended up doing. Maybe it will help you in some way:

            - I downloaded the source (2.4.1) so I could build the JBoss Portal myself.
            - I DID NOT enable LDAP authenitcation and used the standard setup that comes with JBoss Portal.
            - I created all the users I wanted in JBoss Portal the usual way, all with the same password, for example, "mypassword", but made sure that each username corresponded to the user name in my LDAP directory.
            - I downloaded the JLdap library from www.openldap.org.
            - I put the jar file in the portal lib directory.
            - I added the jar file to jboss-portal-2.4.1-src\thirdparty.
            - Added the classpath to jboss-portal-2.4.1-src\identity\build.xml.
            - I edited jboss-portal-2.4.1-src\identity\src\main\org\jboss\portal\identity\auth\IdentityLoginModule in the JBoss Portal source code and added my own LDAPAuthentication method.
            - In IdentityLoginModule, I edited the method validatePassword, and at the top of it, I called my LDAPAuthentication method with the supplied username and password, which then returned true if LDAP authenitcation passed, or false if it failed. If true was returned, I changed the supplied password to "mypassword" in validatePassword method, otherwise I changed it to "incorrect" or some other incorrect string. Now the rest of validatePassword method continues normally, and will login the user locally if they used their correct LDAP password.
            - I built the portal source from scratch, and my customized LDAP authentication worked perfectly.

            A workaround I know, but it works, and hopefully will help someone else.
            When JBoss Portal 2.6 is stable, I will upgrade to that, and all of this will probably fall away

            • 3. Re: HOWTO: Replace portal authentication and authorization
              Boleslaw Dawidowicz Master


              arnieAustin: UserModule and RoleModule are interfaces that you need to implement. UserModuleImpl and RoleModuleImpl are JBP implementation you can use as an example. To plug in your implementation change those class names in core/src/resources/portal-sar/META-INF/jboss-service.xml

              dleerob: Did you try using LdapLoginModule from JBossSX and adding all the users in LDAP to a role called "Authenticated"?

              JBoss Portal 2.6 will come with some ready implementations of user/roles modules for LDAP

              • 4. Re: HOWTO: Replace portal authentication and authorization
                David Roberts Apprentice

                bdaw: I followed the wiki at: http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingAnLDAPSourceForPortalAuthentication

                I did create a role "Authenticated" in LDAP and assign it to everyone in our company.

                The LDAP authentication did work, but because I also had to create users locally to match the users in LDAP, the securities to pages etc did not work when I used the LDAP password for a user. It only worked when using the local JBoss password for that user. That's why I ended up with my own workaround. Seemed no one could help.

                • 5. Re: HOWTO: Replace portal authentication and authorization
                  Brendan Farragher Newbie

                   

                  PostPosted: Tue Feb 13, 2007 04:56 AM Post subject: Re: HOWTO: Replace portal authentication and authorization

                  arnieAustin: UserModule and RoleModule are interfaces that you need to implement. UserModuleImpl and RoleModuleImpl are JBP implementation you can use as an example. To plug in your implementation change those class names in core/src/resources/portal-sar/META-INF/jboss-service.xml

                  dleerob: Did you try using LdapLoginModule from JBossSX and adding all the users in LDAP to a role called "Authenticated"?

                  JBoss Portal 2.6 will come with some ready implementations of user/roles modules for LDAP


                  I am looking at the jboss-service.xml file under my portal .sar directory (JBP 2.6.1), but I am not getting any matches when I scan for UserModuleImpl or RoleModuleImpl. Which entries have to be changed to plug in custom login/role implementations?

                  Thanks.