It might be that weblogic cleans out Principal coming from magnolia as it doesn't understand/trust it. You can try to put magnolia jaas config file into WLS domain directory as described http://wiki.magnolia.info/display/WIKI/HowTo+JAAS+on +Weblogic and see if it improves the situation. If it doesn't help you might have to configure security section in you magnolia web.xml to have it propagated through weblogic context and be able to share it via different webapps.
HTH, Jan On Thu, 2008-04-03 at 22:08 -0400, Vaughan, Dallas wrote: > Thanks for the reply, Gregory. > > JAAS works fine with custom login (I successfully implemented a LoginModule > that uses the magnolia login form to login using external authentication), > and during login to Magnolia, a Magnolia User is created based on the > credentials of the external user. > > However, we still need to be able to allow a user to log into another web-app > on the server, and when the user navigates to Magnolia, have Magnolia > automatically create a User in the same manner (except without having to > login to Magnolia explicitly). I tried to do this by testing (within our > custom LoginModule) if the Principal returned by request.getUserPrincipal() > is an instance of our custom Principal, but it returns null for some reason. > > We've implemented this type of functionality in many of our web apps (using > the same User Principal across application contexts), yet for some reason > when request.getUserPrincipal() is called within Magnolia it returns null. > It may be that it has something with how differently Weblogic handles > administration console-based (i.e., ours) and "pure" JAAS-based (i.e., > Magnolia's) authentication. If anyone can shed light on this, please do :-/ > > Thanks again, > > Dallas Vaughan > > > -----Original Message----- > > From: [email protected] [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, April 02, 2008 5:36 AM > > To: [email protected] > > Subject: Re: [magnolia-user] External Authentication > > > > Hi Dallas, > > > > SecuritySupport is one of the many beans configured through the > > config workspace in Magnolia. In this case, the nodes are at /server/ > > security. Have a look under the userManagers node in there and you'll > > see 2 sub nodes in the default configuration, 3 if you added EE's > > ldap module. This is where you might want to add your own UM. You > > should be aware, however, that Magnolia is already using jaas by > > default, so you might just need to re-configure jaas instead. > > > > hth, > > > > -g > > > > On Apr 1, 2008, at 19:05 , Vaughan, Dallas wrote: > > > Not sure if this should be posted to user or dev, but my question is: > > > > > > How does one create and use a custom UserManager? Basically, we > > > are trying to use a JAAS-authenticated subject to auto-login to > > > Magnolia and creating a User object with the correct Magnolia > > > permissions/roles (by adding them programmatically based on our own > > > Principals). > > > > > > Looking at http://jira.magnolia.info/browse/MAGNOLIA-1707 it seems > > > there is an enhancement to allow custom UserManagers, and to allow > > > specification of the realm. I guess this happens through > > > SecuritySupport.addUserManager(String realm, UserManager um), but > > > there is no documentation on how this gets added (there are no > > > callers of this method within the codebase). Is it configured > > > dynamically in the userManagers node? > > > > > > Is there any documentation on how to use the SecuritySupport and > > > UserManager classes to support external authentication/ > > > authorization? If not, can someone give a rundown on this? > > > > > > Thanks, > > > > > > Dallas Vaughan > > > > > > No virus found in this outgoing message. > > > Checked by AVG. > > > Version: 7.5.519 / Virus Database: 269.22.3/1354 - Release Date: > > > 4/1/2008 5:38 AM > > > > > > > > > ---------------------------------------------------------------- > > > for list details see > > > http://documentation.magnolia.info/ > > > ---------------------------------------------------------------- > > > > > > ---------------------------------------------------------------- > > for list details see > > http://documentation.magnolia.info/ > > ---------------------------------------------------------------- > > No virus found in this outgoing message. > Checked by AVG. > Version: 7.5.519 / Virus Database: 269.22.5/1357 - Release Date: 4/3/2008 > 10:48 AM > > > ---------------------------------------------------------------- > for list details see > http://documentation.magnolia.info/ > ---------------------------------------------------------------- ---------------------------------------------------------------- for list details see http://documentation.magnolia.info/ ----------------------------------------------------------------
