[opencms-dev] Auto-login a user in OpenCms without kowing his password
Stephan Hartmann
hartmann at metamesh.de
Tue Nov 19 19:27:19 CET 2013
Hi Antoine,
I guess the CmsSessionManager.switchUser method does not work because it
requires the new user to have the workplace role.
It seems that it is really only intended for admins that are logged in to
the workplace.
However, the method is a good starting point for implementing the SSO.
Here is what I did (note that I slightly improved the code while writing
this without testing it ;)):
// you need a CmsObject with Admin rights. You can get it
with a module action class
CmsUser newUser = adminCms.readUser("username");
// req is the current HttpServletRequest
CmsSessionInfo info =
OpenCms.getSessionManager().getSessionInfo(req);
// TODO: check for null
// ctx is the CmsRequestContext of the current request
// project usually is the online project, siteRoot the root
folder of the site
ctx.setSiteRoot(siteRoot);
ctx.setCurrentProject(project);
ctx.setOuFqn(newUser.getOuFqn());
// project usually is the online project, siteRoot the root
folder of the site
CmsRequestContext context = new CmsRequestContext(newUser,
project, null, siteRoot, null, null, null, 0, null,
null, newUser.getOuFqn());
// create a new CmsSessionInfo
CmsSessionInfo sessionInfo = new CmsSessionInfo(
context, info.getSessionId(),
info.getMaxInactiveInterval());
// here comes the tricky part (see below)
OpenCmsAccess.addSessionInfo(sessionInfo);
In the last line, you would need to call
OpenCms.getSessionManager().addSessionInfo(CmsSessionInfo sessionInfo),
however this method is protected, so you cannot call it directly from your
code but only from code that is located in the org.opencms.main package. So
I created this little class in that package:
package org.opencms.main;
import javax.servlet.http.HttpServletRequest;
import org.opencms.file.CmsRequestContext;
public class OpenCmsAccess {
public static void addSessionInfo(CmsSessionInfo sessionInfo) {
OpenCms.getSessionManager().addSessionInfo(sessionInfo);
}
public static void updateSessionInfo(HttpServletRequest req,
CmsRequestContext ctx) {
CmsSessionInfo info =
OpenCms.getSessionManager().getSessionInfo(req);
if (info != null) info.update(ctx);
}
}
HTH,
Stephan
2013/11/19 Antoine PINEAU <a.pineau at eurelis.com>
> Hello All,
>
>
>
> In order to implement an SSO mechanism, I wanted to know how to
> automatically log in a user in OpenCms without knowing his password.
>
>
>
> I tried to login as an Administrator (with user/password) and then
> performing a switchUser, but unfortunately it does not work.
>
> If somebody has already succeeding in performing this functionnality, it
> would be great to share the experience and piece of code.
>
>
>
> Thanks in advance.
>
>
>
> Best Regards
>
> *--*
>
> *Antoine PINEAU*
>
> *Eurelis*
>
>
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://lists.opencms.org/cgi-bin/mailman/listinfo/opencms-dev
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20131119/1c9e6aff/attachment.htm>
More information about the opencms-dev
mailing list