Change Password script on Liferay Portal - passwords

I have created a dashboard using Liferay Portal and I also have a separate User management Server (OpenLDAP).
My requirement is when user changes the password through
Liferay portal → My Account → Password → Save, it should automatically be updated in my LDAP server.
For that I have to incorporate some changes in password script of Liferay portal.
Where can I find the password script? Or let's say, which script is called when user changes the password and clicks save?

You can use a hook to update the password, since ultimately Liferay will store the password in the database through a method in UserServiceImpl and UserLocalServiceImpl and the database table User_ is going to be updated which is represented by the model User.
So you can use any of the following approaches:
Use a Wrapper hook. Write your custom code in your *UserServiceWrapper class's updateUser method.
Or use a Model Listener hook. Create a UserListener and use the method onAfterUpdate and/or onAfterCreate to write your custom code.
Have you also considered using the Portal Settings LDAP export option?
Portal Settings → Authentication → LDAP → Import / Export, more information in Liferay User-guide

In ../deploy/ROOT.war/html/portal folder there is update_password.jsp which is responsible for presenting the UI.
If you check this JSP page, the action that gets called is /portal/update_password
If you check struts-config.xml file present in ../deploy/ROOT.war/WEB-INF folder, you will get the corresponding action which gets invoked. Below is the code,
    <action path="/portal/update_password" type="com.liferay.portal.action.UpdatePasswordAction">
        <forward name="portal.update_password" path="portal.update_password" />
    </action>
If you check the class UpdatePasswordAction present in com.liferay.portal.action package then the relevant code which changes the password of the User is below,
    protected void updatePassword(HttpServletRequest request, HttpServletResponse response, ThemeDisplay themeDisplay, Ticket ticket)
        throws Exception
    {
        ....
        UserLocalServiceUtil.updatePassword(
            userId, password1, password2, passwordReset);
        ..
    }
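A sketch of the wrapper-hook approach from the first answer, applied to the updatePassword call shown in the second. This is an added example, not code from either answer or from Liferay. It assumes Liferay 6.x package names, that the LDAP uid equals the Liferay screen name, and a hypothetical host, bind DN, base DN, class name and environment variable.

```java
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.model.User;
import com.liferay.portal.service.UserLocalService;
import com.liferay.portal.service.UserLocalServiceWrapper;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

public class LdapSyncUserLocalService extends UserLocalServiceWrapper {
    // Hypothetical directory settings; ldaps keeps the new password off the wire in clear text.
    private static final String LDAP_URL = "ldaps://ldap.example.com:636";
    private static final String BIND_DN = "cn=pwd-sync,ou=services,dc=example,dc=com";
    private static final String USER_BASE = "ou=people,dc=example,dc=com";

    public LdapSyncUserLocalService(UserLocalService userLocalService) {
        super(userLocalService);
    }

    @Override
    public User updatePassword(long userId, String password1, String password2,
            boolean passwordReset) throws PortalException, SystemException {
        // Liferay validates first (mismatch, password policy) and throws before LDAP is touched.
        User user = super.updatePassword(userId, password1, password2, passwordReset);
        String bindPw = System.getenv("LDAP_SYNC_PASSWORD"); // hypothetical variable name
        if (bindPw == null) throw new SystemException("LDAP sync credential not configured");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, bindPw);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // Escape the screen name so it cannot change the DN structure.
            String dn = "uid=" + Rdn.escapeValue(user.getScreenName()) + "," + USER_BASE;
            ctx.modifyAttributes(dn, new ModificationItem[] {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("userPassword", password1)) });
        } catch (NamingException e) {
            // Surface the failure, never the password, so the stores do not drift silently.
            throw new SystemException("LDAP password sync failed for userId " + userId, e);
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
        return user;
    }
}
```

The class is registered in the hook's liferay-hook.xml as a service wrapper for com.liferay.portal.service.UserLocalService. OpenLDAP stores userPassword as sent unless the server is set up to hash it, so check that before relying on this.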

Related

Customize LDAP user federation

I need to customize LDAP federation, so I extended LDAPStorageProvider and the appropriate LDAPStorageProviderFactory. It is called, however in the admin panel there are no configuration options shown at all. What I would like is to set the edit mode to read-only so it cannot be changed. I also tried some existing solutions found on GitHub, doing a similar thing, but they also do not show options in the admin console.
To add a context to the question: what I want to achieve is to make my
    @Override
    public boolean isValid(RealmModel realm, UserModel user, CredentialInput input) {
        return super.isValid(realm, user, input);
    }
because when user is created initially, administrator creates a temporary password that has to be changed on next login. We have an internal REST for this, but I need that initial password user got from admin, since it's a required parameter. Then, I can intercept input and use for example:
authSession.setAuthNote("password-old", input.getChallengeResponse());
To add it to session temporarily.
If I can get CredentialInput somehow from KeycloakSession - that would be the best, but I have not found a way so far.
Many thanks

Pass attributes to sec$User entered in the Customer entity creation screen [cuba-platform]

I'm new to Cuba-platform version 6.10.3. I have a problem where I am stuck.
I have a User entity where I create a new user which has parameters identical to those of the sec$User system entity. Now, I would like to pass the values entered in the User entity (name, password, lastname, email) and also the access group created specifically for the users (customers). Then register the attributes directly in the sec$User system entity and then log into the app with the credentials of the users created with their respective permissions.
I hope someone can help me. Thanks a lot to everyone.
In order to create a new sec$User entity, invoke the Metadata#create() method of the com.haulmont.cuba.core.global.Metadata bean.
Fill necessary fields.
To save new user to the database, use DataManager bean: com.haulmont.cuba.core.global.DataManager#commit(user)
If you need to login to the application automatically without having user password, you can use the "trusted login" feature.
When in web client, use the com.haulmont.cuba.web.Connection bean to login.
When in web service (e.g. portal module) - use the com.haulmont.cuba.security.auth.AuthenticationService service.
And call its login method with TrustedClientCredentials:
    @Inject
    com.haulmont.cuba.web.auth.WebAuthConfig webAuthConfig;
    // ...
    authenticationService.login(new TrustedClientCredentials("username", webAuthConfig.getTrustedClientPassword(), Locale.ENGLISH));
See also
https://doc.cuba-platform.com/manual-6.10/login.html#login_additional_eatures
https://doc.cuba-platform.com/manual-6.10/web_login.html
Note that web client is working under the anonymous user until other user logs in. So you will need to add additional permissions to the user (write access to the User entity).
Thanks for the support, very helpful!

Laravel - recreate cookie login

I am creating an application which hits an external service (db) to see if a user is authenticated.
so:
User submits username and password -> hit service -> returns false or user row from db
Where I am stuck is I now need to log the user into my Laravel app. I am thinking what I need to do is something like:
Auth::login($user);
And mimic Laravel's User Object
or recreate Laravel's encrypted cookie, so the application thinks the user is logged in.
I do not have/want access to the db that the external service uses. That is not an option
Any ideas on how to do this?
Thanks
Brian
http://laravel.com/docs/4.2/security#manually
If you need to log an existing user instance into your application,
you may simply call the login method with the instance:
$user = User::find(1);
Auth::login($user);
This is equivalent to logging in a user via credentials using the
attempt method.

Custom permission to custom portlet on specific user in liferay

How can I define a custom permission on a custom portlet for a specific user in Liferay?
I used environment Liferay 6.1.2 GA3 with JBoss.
My custom portlet has a deploy/undeploy button, but how can I give a specific permission so that only an admin person can access that function and no one else can use it?
check this link
http://i.imgur.com/Qwfbg2H.png
Can you please elaborate.
I also check this link for reference
and in jsp page for rendering all the datagrid data render through jeasyui and rest API
Removing Custom Permissions/Actions from a Portlet
http://liferayzone.wordpress.com/2013/09/01/liferay-permission-on-custom-portlet/
Liferay allows assigning permissions to roles only, you just cannot do it for single users. You have to either define a new role or implement this functionality on your own (not using Liferay's permission system).
Just in case you come up with this idea, avoid creating roles for every user - it is a performance killer. People sometimes try to do this in order to get around the limitations of Liferay's permission system - it is a very bad idea!
This tutorial can help you:
You need to create a resource-action-mapping XML file, and add a new action-key (plain string)
Put it into /src/main/resources/resource-action (name it as default.xml)
Create a portlet.properties file under /src/main/resources
Add the following line: resource.actions.configs=resource-actions/default.xml
Deploy your portlet, and check your new permission under Roles -> Select role -> Define permissions tab
You can check the user permissions with the permissionChecker on your JSP
You need this import: <%@ taglib prefix="theme" uri="http://liferay.com/tld/theme" %>
Define objects: <theme:defineObjects />
Now you can use the permissionchecker object:
permissionChecker.hasPermission(scopeGroupId, portletName, scopeGroupId, permissionName)

How to get username from openSSO/openAM system?

I'm currently using openAM to protect a small webapp of mine using a Java EE web agent. Someone tries to access the app, they get redirected to the openAM instance, they login, they go to the app. Simple stuff.
What I'd like is for openAM to pass the username that was successfully used to the web app. It's my understanding that "session attributes" should be used for this. When in the admin, I go to my Java EE webagent and open up the "Application" tab to see the "Session Attributes Processing". I see that HTTP_COOKIE is a choice for fetching.
1) is it the case that I should expect to see the username, if properly set up, as plaintext in the cookie?
2) what value do I enter in the session mapping to get the username? How do I find what value in the data store corresponds to this?
Thanks
We are using HTTP_HEADER with our agents. So if you are already using agents (which sounds like you are), then the following should work for you. In OpenAM web console:
Access Control > Top Level Realm > Agents > Web / J2EE / etc. > click on an agent
Application tab > Profile Attributes Processing section > Profile Attribute Fetch Mode:
Click on the "HTTP_HEADER" choice
Profile Attribute Mapping:
Map Key: [uid] ... Corresponding Map Value: uid
Click Add. It should look like [uid]=uid once you've added it. Add any other mapping you need that matches attributes to your backend authentication system. Ours is ldap.
In your web application, retrieve the HTTP Header elements and look for the token. It should look something like this: AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.AAJTSQABMDE.
You can then use the OpenAM REST interface to validate and retrieve attributes associated with the token such as user name, password, cn, etc. To retrieve all attributes, the URL would be like this:
http://<OpenAM_Host>:<Port>/<deploy_uri>/identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*
You can also specify attributes you want like this:
http://<OpenAM_Host>:<Port>/<deploy_uri>/identity/attributes?subjectid=AQIC5wM2LY4RfckcedfzxGrgVYevbKR-SgBkuemF4Cmm5Qg.*AAJTSQABMDE.*&attributenames=uid&attributenames=userpassword
References:
https://wikis.forgerock.org/confluence/display/openam/Use+OpenAM+RESTful+Services
http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/dev-guide/index/chap-rest.html
1) yes, the agent will create plaintext cookies (and if the user sends malicious ones it will recreate them just fine), however using HTTP_HEADER method to pass on attributes is considered as a better solution (since it's not stored on the client side).
2) Session Attributes Processing only works if you actually stored something in the session. For that you can either use the "User Attribute Mapping to Session Attribute" feature in Authentication All Core Settings or write some custom module to save derivative values. Otherwise if you just want to get the uid of the user, then use Profile Attributes Processing (uid key HTTP_UID value and your app will see a HTTP_UID cookie/header).
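The answers above describe reading the token from the request and resolving it through identity/attributes. As an added example (not from either answer or from OpenAM), the helper below parses that endpoint's line-oriented response and returns the uid only when it is unambiguous, so a caller that asked for attributenames=uid alone can fail closed instead of trusting a client-supplied cookie value. The response layout (userdetails.attribute.name / userdetails.attribute.value pairs) is assumed from OpenAM's legacy REST interface; the class name and sample body are constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class OpenAmAttributes {
    /** Parses the body returned by identity/attributes into attribute name -> values. */
    static Map<String, List<String>> parse(String body) {
        Map<String, List<String>> attrs = new LinkedHashMap<String, List<String>>();
        String current = null;
        for (String line : body.split("\\r?\\n")) {
            int eq = line.indexOf('=');
            if (eq < 0) continue;                          // skip blank or malformed lines
            String key = line.substring(0, eq).trim();
            String value = line.substring(eq + 1).trim();  // values may themselves contain '='
            if (key.equals("userdetails.attribute.name")) {
                current = value;
                if (!attrs.containsKey(current)) attrs.put(current, new ArrayList<String>());
            } else if (key.equals("userdetails.attribute.value") && current != null) {
                attrs.get(current).add(value);
            }
        }
        return attrs;
    }

    /** Returns the single uid, or null if absent, empty or multi-valued, so callers fail closed. */
    static String uidOf(String body) {
        List<String> uid = parse(body).get("uid");
        return (uid != null && uid.size() == 1 && !uid.get(0).isEmpty()) ? uid.get(0) : null;
    }

    public static void main(String[] args) {
        // Constructed sample response for a request with attributenames=uid (token is a placeholder).
        String sample = "userdetails.token.id=PLACEHOLDER_TOKEN\n"
                + "userdetails.attribute.name=uid\n"
                + "userdetails.attribute.value=demo\n";
        System.out.println(uidOf(sample)); // a valid session resolves to its uid
        System.out.println(uidOf(""));     // an empty or error body resolves to null
    }
}
```

Requesting only uid keeps userpassword and other directory attributes out of the web application's memory and logs.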