I would like to verify the login username and password using my internal database. I created a custom CubaAuthProvider and registered it in web-app.properties and it seems to work.
cuba.web.externalAuthentication = true
cuba.web.externalAuthenticationProviderClass = com.company.tasek.web.MyAuthProvider
But I noticed that I can also login using the password created in Cuba Administration screen not just the one from my internal database. How do I stop this and only validate against my internal database ?
This is my custom AuthProvider.
public class MyAuthProvider implements CubaAuthProvider {
private static final Logger LOG = Logger.getLogger(MyAuthProvider.class.getName());
@Inject
private AuthenticationService authenticationService;
@Override
public void authenticate(String login, String password, Locale messagesLocale) throws LoginException {
LOG.info("Authenticating: " + login + " password: " + password);
authenticationService.authenticate(login,password,messagesLocale);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(request, response);
}
@Override
public void destroy() {
}
}