Keycloak add user from custom user provider - java

I'm creating a custom user storage using the User Storage SPI.
My problem here is that the addUser function is not called.
When I try to add a user, the function getUserByNickName is called directly but does not find any user.

Related

How to filter data by user in spring boot application

I'm making a simple Spring Boot application and I want to incorporate filtering data by logged-in user or user session. But I don't know what is the best way to set up the application in a way that every user can access data specific to him. I have made the authentication and authorization part of the app.
I'm also working on that kind of application and I've done this by adding @AuthenticationPrincipal CustomUserDetails userDetails as an argument to the method where you want to get the userId. Then you can call: Integer userId = userDetails.getUserId();
So for example something like this:
@GetMapping("/demo")
public String showTemplate(@AuthenticationPrincipal CustomUserDetails userDetails) {
    // id of the currently authenticated user, taken from the custom principal
    Integer userId = userDetails.getUserId();
    return "index";
}
And then you can do with this userId whatever you want. For example, create a findByUserId method in the repository.

Accessing UserIdentity from adapter Java code

I am building a Worklight 6.2 adapter that uses Java. I am also using authentication through custom login and authenticator Java code by implementing WorkLightAuthLoginModule and WorkLightAuthenticator. The authentication all works fine.
My adapter code is implemented in the getProtectedAssets static method of class com.myStuff.myClass and is called from the adapter implementation with
var returnval = com.myStuff.myClass.getProtectedAssets();
getProtectedAssets requires a username and password to connect to a back-end system. Currently I have those hard-coded in the method for testing, but I need to retrieve them from the Worklight session, presumably through the UserIdentity object I set in my custom login module's createIdentity method.
Is there some way to get access to the user identity from within the adapter Java code?
Use the WL.Server.getActiveUser() method.
More information about this method can be found here:
https://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.0.0/com.ibm.worklight.help.doc/apiref/r_method_wl_server_getactiveuser.html?lang=en

Pass an argument between sessions in Spring Security

I'm working on an application that allows a user to perform some actions as a guest. Results are stored in the session. I would like to inject data from the guest session into the authenticated user session. E.g.:
Guest user adds something to cart, etc
User decides to authenticate
After authentication cart is restored from the previous session (i.e. passed between them)
Is there a place where I can get both old and new user session to copy attributes from one to another?
This can be achieved by using:
<security:session-management session-fixation-protection="none"/>
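The same cart hand-off with session fixation protection left on, as an added example that is not part of the original answer: with migrateSession, Spring Security issues a new session at login and copies the guest session's attributes into it, whereas "none" keeps the pre-login session id valid after authentication. It assumes Spring Security 6 Java configuration with form login; the attribute names and the /cart path are made up for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

import jakarta.servlet.http.HttpSession;

@Configuration
public class GuestCartSecurityConfig {

    // Assumed session attribute names; the guest cart is stored under CART_ATTR.
    static final String CART_ATTR = "cart";
    static final String CART_OWNER_ATTR = "cart.owner";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Guests may browse and fill a cart without logging in.
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
            .sessionManagement(session -> session
                // Weak setting, the Java equivalent of session-fixation-protection="none":
                //   .sessionFixation(fix -> fix.none())
                // Hardened: new session on login, existing attributes copied into it.
                .sessionFixation(fix -> fix.migrateSession()))
            .formLogin(form -> form.successHandler(restoreCart()));
        return http.build();
    }

    // Runs after the session has been migrated, so the guest cart is already
    // present in the authenticated session.
    AuthenticationSuccessHandler restoreCart() {
        return (request, response, authentication) -> {
            HttpSession session = request.getSession(false);
            Object guestCart = (session == null) ? null : session.getAttribute(CART_ATTR);
            if (guestCart != null) {
                // Tag the carried-over cart with the account that now owns it.
                session.setAttribute(CART_OWNER_ATTR, authentication.getName());
            }
            response.sendRedirect(request.getContextPath() + "/cart");
        };
    }
}
```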

Shiro custom authentication logic

I have the following requirements for authenticating a user with Shiro:
Username and password must match with that stored in the database. If the username and password do not match then an error message should be displayed indicating authentication failure.
Account must be active - a user activates their account via an activation email. If the user's account is not active then an error message should be displayed indicating that they have not clicked the activation email.
Account must not be expired - user accounts have an expiry date. If the user's account is expired then an error message should be displayed indicating account expiry.
Note: there are two databases for storing user information. One of them stores authentication information (username, and password) and the other database stores information like when the account expires.
I can easily accomplish the first requirement simply by configuring a JDBC realm in shiro.ini.
I'm guessing some custom Java logic needs to be implemented to accomplish requirements 2 and 3. Any hints about how to implement the above? Would I need to implement a custom realm?
One way to do this is indeed creating a custom realm.
We had some custom demands on authentication as well. We implemented this by creating our own custom realm implementation. We extended AuthorizingRealm and overrode the doGetAuthenticationInfo method to check if a user can be checked for logging in. You can put your cases 2 & 3 there.
If you only use Shiro in a web environment, you might consider overriding the standard authc filter and overriding the isAccessAllowed method, where you can implement some custom redirection if the user is not yet activated or expired.
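One way to implement requirements 2 and 3 in a custom realm, added here as an example (not code from the answer or from Shiro). It extends JdbcRealm and places the status checks in assertCredentialsMatch, which Shiro calls after doGetAuthenticationInfo, so the activation and expiry messages are only reachable once the password has been verified. AccountStatusDao, AccountStatus and ExpiredAccountException are hypothetical names for the lookup against the second database.

```java
import java.time.Instant;
import java.util.Optional;

import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.realm.jdbc.JdbcRealm;

// Hypothetical DAO for the second database (activation flag, expiry date).
interface AccountStatusDao {
    Optional<AccountStatus> findByUsername(String username);
}

// Hypothetical row type returned by AccountStatusDao.
record AccountStatus(boolean activated, Instant expiresAt) {}

// Defined for this example to signal requirement 3 (account past its expiry date).
class ExpiredAccountException extends AccountException {
    ExpiredAccountException(String message) { super(message); }
}

public class StatusCheckingJdbcRealm extends JdbcRealm {
    private AccountStatusDao statusDao;

    public void setStatusDao(AccountStatusDao statusDao) { this.statusDao = statusDao; }

    @Override
    protected void assertCredentialsMatch(AuthenticationToken token, AuthenticationInfo info)
            throws AuthenticationException {
        // Requirement 1: throws IncorrectCredentialsException on a wrong password.
        super.assertCredentialsMatch(token, info);

        // Password is correct from here on; fail closed if the status row is missing.
        String username = String.valueOf(token.getPrincipal());
        AccountStatus status = statusDao.findByUsername(username)
                .orElseThrow(() -> new DisabledAccountException("No status record for account"));

        if (!status.activated()) {               // Requirement 2
            throw new DisabledAccountException("Account has not been activated");
        }
        if (status.expiresAt() != null && !Instant.now().isBefore(status.expiresAt())) {
            throw new ExpiredAccountException("Account has expired");   // Requirement 3
        }
    }
}
```

The login code can catch DisabledAccountException and ExpiredAccountException around subject.login(token) to choose the message to display.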

Understanding SignInAdapter in spring-social

Hello guys, I have read a lot about Spring Social and I have a question. What is the "userLocalId" parameter in the signIn method of SignInAdapter, and where does it take this id from? I register a user via Facebook by fetching their information into the registration form. After this I want them to press the sign-in button (Facebook sign-in) and have access to my site.
Should I do something like this: in SignInAdapter, get a connection to Facebook and compare its social information with the fields in my users table?
The Spring Social integration has 3 parts.
Signup
In signup a local user is created based on the information provided by the provider.
Connect
In connect we map a local user to the OpenID user.
Signin
In signin we allow an OpenID-authenticated user to log in to our application.
Signin
In signin the SignInAdapter is used to load the local user so that the Spring Security layer can use it. Here the localUserId parameter will point to the id of the user in our application. So in the adapter we need to load this user as an org.springframework.security.core.userdetails.User and set it in the SecurityContext.
ex:
LocalUser lu = getLocalUser(localUserId); // Load the local user from database
User user = new User(lu.username, lu.password, lu.authorities);
// Build an authenticated token for the local user and publish it to Spring Security
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(result);
Connect
Spring Social provides an org.springframework.social.connect.web.ConnectController which will help us to link a local user to an OpenID user.
It requires you to send a POST request to /connect/<provider>; this will redirect the user to the login page of the provider, where the user has to authorize the application.
