Programmatically logging-in within a OpenURL WebEngine Project

Hi All,

I am trying to programmatically log-in from a WebEngine project context. The WebEngine's URL is configured as OpenURL using the OpenUrl extension point of PluggableAuthenticationService([OpenUrl]).

In the first view, WebContext(ctx).getPrincipal() returns null. At this point I need to login to the nuxeo with a pre-configured user so that I have a valid CoreSession on subsequent request. A call like WebContext(ctx).getCoreSession() throws exception like “Un-authenticated user trying to access core-session.”

Following are the steps I already tried with no success:


LoginContext lc = Framework.login(loginId, password);

Result: The logged-in users context is not propagated down the layers so that next time I call getCoreSession() I get the above exception.


LoginContext lc = Framework.login(loginId, password); 
request = wrapRequest(request, lc); // Uses HttpServletRequestWrapper

Result: Same exception.


UserManager userManager = Framework.getService(UserManager.class);
NuxeoPrincipalImpl userPrin = (NuxeoPrincipalImpl)userManager.authenticate(loginId, password);

Result: The logged-in users context is not propagated down the layers.

4) Tried to use nuxeo-automation-client from inside the WebEngine by adding the respective jars, but get exception:

 ERROR [] Exception in JAX-RS processing
java.lang.NoClassDefFoundError: org/nuxeo/ecm/automation/client/jaxrs/impl/HttpAutomationClient

What am I doing wrong. I can't find any API which does this. Or may be I am calling the wrong sequence of API calls. Please help.


A similar question was also asked in Nuxeo forums(Nuxeo Forum Question) on January 2009, he was directed to read Nuxeo book Chapter 10, but no concrete answer. I have read the above chapter thoroughly. But can't see how this chapter can be help to me here.

Kindly help.



0 votes

3 answers



Hi Nataraj, You could also use an UnrestrictedSessionRunner instantiated with the repository name instead of a CoreSession. You can find an example in this module:

1 votes

Thanx Laurent,

That is interesting that something like this is already there, I think github is better place to search for code example rather than my local copy of nuxeo 5.6 clone :-)

Thanx again. Next time when I change my implementation I would use the approach as you indicated.

Regards Nataraj

0 votes

For the benefit of others, here I am listing my current solution, although I am not sure whether this is the right usage idiom:

  1. WebContext(ctx).getCoreSession(), i.e., ctx.getCoreSession() will always return invalid CoreSession. Since user login context is not available.

  2. The solution is to use CoreSession class by itself, like this:

    RepositoryManager repoMgr = Framework.getService(RepositoryManager.class);
    CoreSession cs = repoMgr.getRepository("default").open();

This way you get the CoreSession object and can do your usual stuff. But it's a good idea to do the following also:

    LoginContext lc = Framework.loginAsUser(userId);
    NuxeoPrincipal principal = (NuxeoPrincipal) Framework.getService(
            UserManager.class).authenticate(userId, password);

This will help in checking permission etc.

But regarding the WebEngine infrastructure their is bad news. No inbuilt APIs of WebEngine is going to work. Like for e.g.,


It seems the context information in the WebEngine is totally null. Simple solution can be QueryString or Hidden Form Input field to pass state variables between different view methods.

I am not sure whether this is right and safe way to do this. I hope there is a better way.

Please if you know of any, let me know.

Regards Nataraj

0 votes