问题
I'm using an external token service to validate my users and they then get redirected to the portal (portal url + some get parameters).
Now I would like to log these users in the portal.
Since the external authentication service is outside of my control I can't just tie it in with the portal login. And since I can't decrypt the portal user account password I can't just create an ext-plugin and log in through that.
So I searched a bit and stumbled upon the fact that liferay has an autologin.
Now I was wondering:
- can I just use this in a normal portlet, or does it also need to be in ext (still don't know how to exactly do that)
- which session variables/cookies do I need to make?
- does anyone have a code snippet/tutorial since I have yet to find a complete one.
- how feasible is this when keeping future versions of liferay in mind?
回答1:
What's this "external token service"? Is it an SSO (Single Sign On) system that Liferay happens to work with out of the box?
Take a look at liferay's web.xml - there's a lot of SSO filters in there - you'll find the implementation in liferay's source code. These filters are used for handling SSO systems and do everything that's necessary to log someone in without username/password validation in the portal itself. You might be able to find the variant that best suites your needs here.
回答2:
Create your own filter (implements com.liferay.portal.security.auth.AutoLogin):
public class YourAutoLogin implements AutoLogin {...}
and implement login method with code:
public String[] login(HttpServletRequest req, HttpServletResponse resp)
throws AutoLoginException {
...
req.getSession().setAttribute(WebKeys.USER_ID,
Long.valueOf(authenticatedUserId));
...
}
where authenticatedUserId is equal to ID of the authenticated user in Liferay directory.
Add you filter as hook (file /WEB-INF/classes/portal.properties in your web app):
auto.login.hooks=com.company.filter.YourAutoLogin
来源:https://stackoverflow.com/questions/4118434/liferay-portlet-how-to-use-autologin-alternatives-also-welcome