在CQ5中实现自定义AuthenticationHandler

时间:2013-02-28 07:03:57

标签: osgi cq5

我想要一个远程系统来为我们的CQ5进行用户身份验证。我猜测路径上的AuthenticationHandler是方向。如果是这样,AuthenticationHandler一般如何工作。而且,在CQ5中,我如何实现Custom AuthenticationHandler?如何将其作为OSGi包(或片段包)并将其安装到CQ5中?

如果可能的话,一些带有OSGi清单的代码示例表示赞赏。

2 个答案:

答案 0 :(得分:2)

您可以找到Sling AuthenticationHandler如何工作的说明here。您还可以查看Sling FormAuthenticationHandler来源以获取示例。您可以在maven-bundle-plugin的配置下,在项目的POM file中查看OSGi配置的详细信息。

如果您只需要检查密码或同步用户帐户,则可以使用custom CQ5 LoginModule

答案 1 :(得分:1)

我首先要查看长耳兔AbstractLoginModule http://jackrabbit.apache.org/api/2.4/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.html

我有一个自定义解决方案/片段包的例子,但它有很多部分。我们正在实施来自Gigya的东西(社交网络登录)。

我们还有一些实现MyAbstractLoginModule的其他类。如果您需要,我可以深入挖掘并为您提供更多示例。希望这可以让你开始走正确的道路。

public abstract class MyAbstractLoginModule extends AbstractLoginModule {
    static private final Logger logger = LoggerFactory.getLogger(MyAbstractLoginModule.class);
    protected Session session;
    protected UserManager userManager;
    protected ValueFactory valueFactory;
    protected long tokenExpiration = 7200000L;

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        if (options.containsKey("tokenExpiration")) {
            try {
                this.tokenExpiration = Long.parseLong(options.get("tokenExpiration").toString());
                logger.debug("- Token expiration -> '" + this.tokenExpiration + "'");
            } catch (NumberFormatException e) {
                logger.warn("Unabled to parse token expiration: ", e);
            }
        }
        super.initialize(subject, callbackHandler, sharedState, options);
    }

    /**
    * Initiates the login module
    *
    * @param ch
    * @param ses
    * @param map
    * @throws LoginException
    */
    @Override
    protected void doInit(CallbackHandler ch, Session ses, Map map) throws LoginException {
        logger.trace("doInit");

        SessionImpl session = (SessionImpl) ses;

        try {
            this.session = session;
            this.userManager = session.getUserManager();
            this.valueFactory = session.getValueFactory();
        } catch (RepositoryException e) {
            throw new LoginException("Unable to retrieve principal editor: " + e.toString());
        }
    }

    /**
    * Impersonates users
    *
    * @param prncpl
    * @param c
    * @return
    * @throws RepositoryException
    * @throws LoginException
    */
    @Override
    protected boolean impersonate(Principal prncpl, Credentials c) throws RepositoryException, LoginException {
        Authorizable authrz = this.userManager.getAuthorizable(principal);
        if ((authrz == null) || (authrz.isGroup())) {
            return false;
        }
        Subject impersSubject = getImpersonatorSubject(credentials);
        User user = (User) authrz;
        if (user.getImpersonation().allows(impersSubject)) {
            return true;
        }
        throw new FailedLoginException("attempt to impersonate denied for " + principal.getName());
    }

    @Override
    protected boolean isPreAuthenticated(Credentials creds) {
        return false;
    }
}
相关问题
最新问题