Difference between revisions of "D4Science Portal HTTPS x509 Certificate Authentication"
| Line 2: | Line 2: | ||
'''Set the dev/deploy environment''' | '''Set the dev/deploy environment''' | ||
# Unzip the file [http://inikah2.googlecode.com/files/skeleton-hook.zip] onto your "plugin-sdk/hooks" folder. | # Unzip the file [http://inikah2.googlecode.com/files/skeleton-hook.zip] onto your "plugin-sdk/hooks" folder. | ||
| − | # Copy the AutoLoginCustom.java source to the src folder | + | # Copy the AutoLoginCustom.java(please find below) source to the src folder |
# Add the following line to portal.properties file: | # Add the following line to portal.properties file: | ||
auto.login.hooks=com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin,com.liferay.portal.security.auth.AutoLoginCustom | auto.login.hooks=com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin,com.liferay.portal.security.auth.AutoLoginCustom | ||
| Line 15: | Line 15: | ||
The field "Job Title" was chosen, because the field length is long enough to hold X509 certificate DN unlike other fields. This feature can be changed to use custom attribute field as per needs and requirements. | The field "Job Title" was chosen, because the field length is long enough to hold X509 certificate DN unlike other fields. This feature can be changed to use custom attribute field as per needs and requirements. | ||
| + | <nowiki> | ||
| + | The code for AutoLoginCustom.java: | ||
| + | package com.liferay.portal.security.auth; | ||
| + | |||
| + | import java.security.cert.X509Certificate; | ||
| + | import java.util.Iterator; | ||
| + | import java.util.List; | ||
| + | |||
| + | import javax.servlet.http.HttpServletRequest; | ||
| + | import javax.servlet.http.HttpServletResponse; | ||
| + | |||
| + | import com.liferay.portal.SystemException; | ||
| + | import com.liferay.portal.model.User; | ||
| + | import com.liferay.portal.security.auth.AutoLogin; | ||
| + | import com.liferay.portal.security.auth.AutoLoginException; | ||
| + | import com.liferay.portal.service.UserLocalServiceUtil; | ||
| + | import com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin; | ||
| + | import org.apache.commons.logging.Log; | ||
| + | import org.apache.commons.logging.LogFactory; | ||
| + | |||
| + | |||
| + | |||
| + | public class AutoLoginCustom implements AutoLogin{ | ||
| + | |||
| + | String[] credentials = new String[3]; | ||
| + | private static Log logger = LogFactory.getLog(AutoLoginCustom.class); | ||
| + | |||
| + | public String[] login(HttpServletRequest req, HttpServletResponse resp) | ||
| + | throws AutoLoginException { | ||
| + | // TODO Auto-generated method stub | ||
| + | List<User> users = null; | ||
| + | User loginUser = null; | ||
| + | long userId = 0; | ||
| + | String requestDN = this.getUserDN(req); | ||
| + | if(requestDN != null){ | ||
| + | try { | ||
| + | |||
| + | users = UserLocalServiceUtil.getUsers(0, UserLocalServiceUtil.getUsersCount()); | ||
| + | } catch (SystemException e) { | ||
| + | // TODO Auto-generated catch block | ||
| + | e.printStackTrace(); | ||
| + | } | ||
| + | Iterator<User> userIter = users.iterator(); | ||
| + | |||
| + | while(userIter.hasNext()){ | ||
| + | |||
| + | User user = (User)userIter.next(); | ||
| + | if(user.getJobTitle().equals(requestDN)){ | ||
| + | loginUser = user; | ||
| + | logger.info("X509 certificate user logs in: " + loginUser.getFirstName()); | ||
| + | break; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | |||
| + | } | ||
| + | |||
| + | if(loginUser!=null){ | ||
| + | userId = loginUser.getUserId(); | ||
| + | |||
| + | credentials[0]=String.valueOf(userId); | ||
| + | credentials[1] = loginUser.getPassword(); | ||
| + | credentials[2] = Boolean.FALSE.toString(); | ||
| + | } | ||
| + | |||
| + | return credentials; | ||
| + | } | ||
| + | private X509Certificate[] getCerts(HttpServletRequest req) { | ||
| + | return (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); | ||
| + | } | ||
| + | |||
| + | private String getUserDN(HttpServletRequest req) { | ||
| + | X509Certificate certs[] = this.getCerts(req); | ||
| + | if (certs != null && certs.length > 0) { | ||
| + | String DN = certs[0].getSubjectDN().getName(); | ||
| + | String parsedDN = DN.replace(", ", ","); | ||
| + | return parsedDN; | ||
| + | } | ||
| + | else { | ||
| + | return null; | ||
| + | } | ||
| + | } | ||
| + | } | ||
| + | </nowiki> | ||
Revision as of 17:05, 30 July 2010
This is a custom Auto login hook that provides customised authentication for X509 certificate users. Set the dev/deploy environment
- Unzip the file [1] onto your "plugin-sdk/hooks" folder.
- Copy the AutoLoginCustom.java(please find below) source to the src folder
- Add the following line to portal.properties file:
auto.login.hooks=com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin,com.liferay.portal.security.auth.AutoLoginCustom
- Run "ant war" - The war file will be created in the plugins-sdk/dist folder.
- Copy the war file to Liferay_home/deploy
- Restart liferay instance
Auto Login hook is now ready to be tested and used.
Configuration needed at liferay Web UI:
- The X509 User should have "Job Title" field configured to the X509 certificate DN
The field "Job Title" was chosen, because the field length is long enough to hold X509 certificate DN unlike other fields. This feature can be changed to use custom attribute field as per needs and requirements. The code for AutoLoginCustom.java: package com.liferay.portal.security.auth; import java.security.cert.X509Certificate; import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.liferay.portal.SystemException; import com.liferay.portal.model.User; import com.liferay.portal.security.auth.AutoLogin; import com.liferay.portal.security.auth.AutoLoginException; import com.liferay.portal.service.UserLocalServiceUtil; import com.liferay.portal.security.auth.BasicAuthHeaderAutoLogin; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; public class AutoLoginCustom implements AutoLogin{ String[] credentials = new String[3]; private static Log logger = LogFactory.getLog(AutoLoginCustom.class); public String[] login(HttpServletRequest req, HttpServletResponse resp) throws AutoLoginException { // TODO Auto-generated method stub List<User> users = null; User loginUser = null; long userId = 0; String requestDN = this.getUserDN(req); if(requestDN != null){ try { users = UserLocalServiceUtil.getUsers(0, UserLocalServiceUtil.getUsersCount()); } catch (SystemException e) { // TODO Auto-generated catch block e.printStackTrace(); } Iterator<User> userIter = users.iterator(); while(userIter.hasNext()){ User user = (User)userIter.next(); if(user.getJobTitle().equals(requestDN)){ loginUser = user; logger.info("X509 certificate user logs in: " + loginUser.getFirstName()); break; } } } if(loginUser!=null){ userId = loginUser.getUserId(); credentials[0]=String.valueOf(userId); credentials[1] = loginUser.getPassword(); credentials[2] = Boolean.FALSE.toString(); } return credentials; } private X509Certificate[] getCerts(HttpServletRequest req) { return (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); } private String getUserDN(HttpServletRequest req) { X509Certificate certs[] = this.getCerts(req); if (certs != null && certs.length > 0) { String DN = certs[0].getSubjectDN().getName(); String parsedDN = DN.replace(", ", ","); return parsedDN; } else { return null; } } }
