Programmatically logging-in within a OpenURL WebEngine Project

Hi All,

I am trying to programmatically log-in from a WebEngine project context. The WebEngine's URL is configured as OpenURL using the OpenUrl extension point of PluggableAuthenticationService([OpenUrl]).

In the first view, WebContext(ctx).getPrincipal() returns null. At this point I need to login to the nuxeo with a pre-configured user so that I have a valid CoreSession on subsequent request. A call like WebContext(ctx).getCoreSession() throws exception like “Un-authenticated user trying to access core-session.”

Following are the steps I already tried with no success:

1)

LoginContext lc = Framework.login(loginId, password);

Result: The logged-in users context is not propagated down the layers so that next time I call getCoreSession() I get the above exception.

2)

LoginContext lc = Framework.login(loginId, password); 
request = wrapRequest(request, lc); // Uses HttpServletRequestWrapper

Result: Same exception.

3)

UserManager userManager = Framework.getService(UserManager.class);
NuxeoPrincipalImpl userPrin = (NuxeoPrincipalImpl)userManager.authenticate(loginId, password);

Result: The logged-in users context is not propagated down the layers.

4) Tried to use nuxeo-automation-client from inside the WebEngine by adding the respective jars, but get exception:

 ERROR [org.nuxeo.ecm.webengine.app.WebEngineExceptionMapper] Exception in JAX-RS processing
java.lang.NoClassDefFoundError: org/nuxeo/ecm/automation/client/jaxrs/impl/HttpAutomationClient

What am I doing wrong. I can't find any API which does this. Or may be I am calling the wrong sequence of API calls. Please help.

Note:

A similar question was also asked in Nuxeo forums(Nuxeo Forum Question) on January 2009, he was directed to read Nuxeo book Chapter 10, but no concrete answer. I have read the above chapter thoroughly. But can't see how this chapter can be help to me here.

Kindly help.

Regards

Nataraj

0 votes

3 answers

2419 views

ANSWER



Hi Nataraj, You could also use an UnrestrictedSessionRunner instantiated with the repository name instead of a CoreSession. You can find an example in this module: https://github.com/ldoguin/nuxeo-userpassword-reset

1 votes



Thanx Laurent,

That is interesting that something like this is already there, I think github is better place to search for code example rather than my local copy of nuxeo 5.6 clone :-)

Thanx again. Next time when I change my implementation I would use the approach as you indicated.

Regards Nataraj

0 votes




For the benefit of others, here I am listing my current solution, although I am not sure whether this is the right usage idiom:

  1. WebContext(ctx).getCoreSession(), i.e., ctx.getCoreSession() will always return invalid CoreSession. Since user login context is not available.

  2. The solution is to use CoreSession class by itself, like this:

    RepositoryManager repoMgr = Framework.getService(RepositoryManager.class);
    CoreSession cs = repoMgr.getRepository("default").open();
    

This way you get the CoreSession object and can do your usual stuff. But it's a good idea to do the following also:

    LoginContext lc = Framework.loginAsUser(userId);
    NuxeoPrincipal principal = (NuxeoPrincipal) Framework.getService(
            UserManager.class).authenticate(userId, password);

This will help in checking permission etc.

But regarding the WebEngine infrastructure their is bad news. No inbuilt APIs of WebEngine is going to work. Like for e.g.,

    ctx.getCoreSession();
              OR
    ctx.getUserSession();
              OR
    ctx.setProperty()

It seems the context information in the WebEngine is totally null. Simple solution can be QueryString or Hidden Form Input field to pass state variables between different view methods.

I am not sure whether this is right and safe way to do this. I hope there is a better way.

Please if you know of any, let me know.

Regards Nataraj

0 votes