Forums de discussion

  1. Accueil
  2. Development
  3. Login liferay portal from Java

Login liferay portal from Java

thumbnail
Arslan Anwaar, modifié il y a 6 années.

Login liferay portal from Java

New Member Publications: 6 Date d'inscription: 16/10/12 Publications récentes
Hi,

I am using liferay 6.2 ga6 and I have to login a user from back end , which can be a java servlet etc.
I have username and password of the user, whom I want to login. There is a way to login user by redirecting user to a url by enabling auto.login.hooks.

For example following url:
http://loclahost:8080/c/portal/login?parameterAutoLoginLogin=joe.bloggs@liferay.com&parameterAutoLoginPassword=asdf

But in this scenario password of user is being exposed to browser, which is not safe.

Is there any other way to login user without exposing his password?
thumbnail
Olaf Kock, modifié il y a 6 années.

RE: Login liferay portal from Java

Liferay Legend Publications: 6403 Date d'inscription: 23/09/08 Publications récentes
As you're already mentioning auto.login.hooks: If both are on the same system and share access to memory, you could just create a nonce (a long cryptographical value that is valid for a few seconds), keep track on who should be logged in with that nonce (valid only once) and log them in. If both systems don't share memory, you could make them communicate or use cryptography to sign the login request (e.g. including the name, approval that they might log in and a timestamp for how long they can sign in). Also, keep track that they can log in only once with that token. With cryptography, the autologinhook only needs to know the public key of your intended signer of the login request.

An auto login hook does not need the password, thus the nonce or cryptography (signing the login name and timestamp is probably enough, encryption not necessary)
thumbnail
Djamel TORCHE, modifié il y a 6 années.

RE: Login liferay portal from Java

New Member Publications: 18 Date d'inscription: 21/10/14 Publications récentes
Hi,
If your Java code is in the same instance of Liferay (Portlet or osgi componet) then you have access to liferay APIs, so you can do it using :

AuthenticatedSessionManagerUtil.login(request, response, login, password, rememberMe, authType);


Below a complete example of custom login (it expects a form for parameters):


ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( WebKeys.THEME_DISPLAY);

HttpServletRequest request = PortalUtil.getOriginalServletRequest( PortalUtil.getHttpServletRequest(actionRequest));

HttpServletResponse response = PortalUtil.getHttpServletResponse(actionResponse);

String login = ParamUtil.getString(actionRequest, "login");
String password = actionRequest.getParameter("password");
boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");
String authType = CompanyConstants.AUTH_TYPE_EA;

AuthenticatedSessionManagerUtil.login( request, response, login, password, rememberMe, authType);


If you your code outside liferay and you want only to grant access to some resources (direct file download or some private pages) : with liferay 6.2 you can use "Headers" in your external request and activate header auto ligin in liferay by :
auto.login.hooks=com.liferay.portal.security.auto.login.request.header.RequestHeaderAutoLogin

Kind regards,
Djamel
thumbnail
Arslan Anwaar, modifié il y a 6 années.

RE: Login liferay portal from Java

New Member Publications: 6 Date d'inscription: 16/10/12 Publications récentes
Hi Djamel,
Thanks for you reply, I am using Liferay 6.2-ga6 community edition, and I am unable to find "AuthenticatedSessionManagerUtil" class. Is there any other way to invoke this method.

Djamel TORCHE:
Hi,
If your Java code is in the same instance of Liferay (Portlet or osgi componet) then you have access to liferay APIs, so you can do it using :

AuthenticatedSessionManagerUtil.login(request, response, login, password, rememberMe, authType);


Below a complete example of custom login (it expects a form for parameters):


ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute( WebKeys.THEME_DISPLAY);

HttpServletRequest request = PortalUtil.getOriginalServletRequest( PortalUtil.getHttpServletRequest(actionRequest));

HttpServletResponse response = PortalUtil.getHttpServletResponse(actionResponse);

String login = ParamUtil.getString(actionRequest, "login");
String password = actionRequest.getParameter("password");
boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");
String authType = CompanyConstants.AUTH_TYPE_EA;

AuthenticatedSessionManagerUtil.login( request, response, login, password, rememberMe, authType);


If you your code outside liferay and you want only to grant access to some resources (direct file download or some private pages) : with liferay 6.2 you can use "Headers" in your external request and activate header auto ligin in liferay by :
auto.login.hooks=com.liferay.portal.security.auto.login.request.header.RequestHeaderAutoLogin

Kind regards,
Djamel
henry raj, modifié il y a 6 années.

RE: Login liferay portal from Java

New Member Publications: 6 Date d'inscription: 22/07/17 Publications récentes
Hi Im new to liferay and using LR 7 DXP, My requirement is for creating custom sign in login form –
1.
Please advise whether my is understanding correct? do we need to use blade for creating custom login module (com.liferay.login.web) and via gulp deploy generate theme FOR LOGIN PAGE and then modify ftl and css files in front end...

2. Is it possible to have a separate URL for admin login who are not normal users, http://locahost:8080

Any guidance appreciated!
thumbnail
Olaf Kock, modifié il y a 6 années.

RE: Login liferay portal from Java

Liferay Legend Publications: 6403 Date d'inscription: 23/09/08 Publications récentes
henry raj:
Hi Im new to liferay and using LR 7 DXP, My requirement is for creating custom sign in login form –
1.
Please advise whether my is understanding correct? do we need to use blade for creating custom login module (com.liferay.login.web) and via gulp deploy generate theme FOR LOGIN PAGE and then modify ftl and css files in front end...

2. Is it possible to have a separate URL for admin login who are not normal users, http://locahost:8080


Nitpicking: There's either Liferay 7 or Liferay DXP.

Anyway: To me, the expressions "I'm new to Liferay" and "implement custom login" are mutually exclusive. While this is possible, it feels wrong and I'd advise to get some experience with Liferay: After all, you're starting on a platform that implements all the identity management for you. Your application might have additional requirements, but probably only after you've solved a few more business problems.

Modifying the platform in a sensitive section like identity management requires quite some knowledge and experience about and with the underlying platform. Collect that information first before you tackle this problem. All the other components that you build should rely on the pure identity anyways, so regardless of the login method you use, you should continue to use them, once you have your custom login.
thumbnail
Neil Griffin, modifié il y a 6 années.

RE: Login liferay portal from Java

Liferay Legend Publications: 2655 Date d'inscription: 27/07/05 Publications récentes
The Liferay Faces project provides a JSF Login Portlet demo for Liferay 7 that you can use as reference. You can download the WAR from Maven Central or look at the source code at GitHub.
Christina Moor, modifié il y a 5 années.

RE: Login liferay portal from Java

New Member Envoyer: 1 Date d'inscription: 05/05/18 Publications récentes
same question here. thanks for sharing!