Hi,
You could implement it using a custom CubaAuthProvider.
First of all, create the class SimpleTokenAuthProvider in your web module:

    import com.haulmont.cuba.security.global.LoginException;
    import com.haulmont.cuba.web.auth.CubaAuthProvider;

    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import java.io.IOException;
    import java.util.Locale;

    public class SimpleTokenAuthProvider implements CubaAuthProvider {
        @Override
        public void authenticate(String login, String password, Locale messagesLocale) throws LoginException {
            throw new UnsupportedOperationException("Use standard auth only");
        }

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // do nothing
        }

        @Override
        public void destroy() {
            // do nothing
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            // here we will implement SSO logic for simple hard-coded token
        }
    }
We will use two additional internal classes: SimpleTokenPrincipalImpl and ServletRequestWrapper.
SimpleTokenPrincipalImpl will be an implementation of java.security.Principal:

    public static class SimpleTokenPrincipalImpl implements Principal {
        private final String userName;

        public SimpleTokenPrincipalImpl(String userName) {
            this.userName = userName;
        }

        @Override
        public String getName() {
            return userName;
        }
    }
ServletRequestWrapper will extend javax.servlet.http.HttpServletRequestWrapper:

    public static class ServletRequestWrapper extends HttpServletRequestWrapper {
        private final SimpleTokenPrincipalImpl principal;

        public ServletRequestWrapper(HttpServletRequest request, SimpleTokenPrincipalImpl principal) {
            super(request);
            this.principal = principal;
        }

        @Override
        public Principal getUserPrincipal() {
            return principal;
        }
    }
In fact, any CubaAuthProvider is a HttpFilter that is invoked on each HTTP request.
We will check the request parameter “token” and, if it is a correct token, log the user in under the passed user name.
For instance: http://localhost:8080/app?token=LOG_IN_ME_PLEASE&user=admin will log in as “admin”.
Our auth logic:

    // Body of doFilter(). TOKEN_PRINCIPAL_SESSION_ATTR is a String constant of
    // SimpleTokenAuthProvider used as the session attribute key.
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpSession session = httpRequest.getSession();
    HttpServletResponse httpResponse = (HttpServletResponse) response;

    // check token and redirect if it is correct
    if (request.getParameter("user") != null
            && "LOG_IN_ME_PLEASE".equals(request.getParameter("token"))) {
        SimpleTokenPrincipalImpl sessionPrincipal = new SimpleTokenPrincipalImpl(request.getParameter("user"));
        session.setAttribute(TOKEN_PRINCIPAL_SESSION_ATTR, sessionPrincipal);
        // getRequestURL() carries no query string, so the redirect target has no token in it
        httpResponse.sendRedirect(httpRequest.getRequestURL().toString());
        return;
    }

    // session already has a principal, use wrapped HttpServletRequest
    SimpleTokenPrincipalImpl principal = (SimpleTokenPrincipalImpl) session.getAttribute(TOKEN_PRINCIPAL_SESSION_ATTR);
    if (principal != null) {
        HttpServletRequest authenticatedRequest = new ServletRequestWrapper(httpRequest, principal);
        chain.doFilter(authenticatedRequest, response);
        return;
    }

    // there are no SSO attributes, just use standard behaviour
    chain.doFilter(request, response);
You can find this demo project on GitHub: cuba-labs/sso-login-by-token
Hope it will help you to develop your own auth integration.
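
As an added example (not part of the original answer or of the cuba-labs demo project), here is the same token-and-user check with the secret read from configuration, a constant-time comparison, an allow-list of accounts, and a fresh session id on login. The class name TokenLoginCheck, the system property sso.simpleToken and the two account names are assumptions made for illustration; the code needs the Servlet 3.1 API.

```java
import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added example (not from the demo project): a stricter "token" + "user" check.
public final class TokenLoginCheck {
    // Assumption: hypothetical JVM system property that carries the shared secret.
    static final String TOKEN_PROPERTY = "sso.simpleToken";
    // Assumption: constructed allow-list of accounts that may be opened by the token.
    static final Set<String> ALLOWED_USERS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("sso_reader", "sso_operator")));

    private final byte[] expectedToken;

    public TokenLoginCheck(String configuredToken) {
        // Refuse to start with a missing or short secret instead of accepting a weak one.
        if (configuredToken == null || configuredToken.length() < 32) {
            throw new IllegalStateException("SSO token must be set and at least 32 characters long");
        }
        this.expectedToken = configuredToken.getBytes(StandardCharsets.UTF_8);
    }

    public static TokenLoginCheck fromSystemProperty() {
        return new TokenLoginCheck(System.getProperty(TOKEN_PROPERTY));
    }

    /** Returns the user name to log in, or null to fall through to the standard login. */
    public String resolveUser(HttpServletRequest request) {
        String user = request.getParameter("user");
        String token = request.getParameter("token");
        if (user == null || token == null) {
            return null;
        }
        // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
        boolean tokenOk = MessageDigest.isEqual(expectedToken, token.getBytes(StandardCharsets.UTF_8));
        if (!tokenOk || !ALLOWED_USERS.contains(user)) {
            return null;
        }
        // Issue a fresh session id at login so an id known before login is not kept (Servlet 3.1+).
        request.getSession(true);
        request.changeSessionId();
        return user;
    }
}
```

In doFilter(), a non-null result would take the place of request.getParameter("user") when creating SimpleTokenPrincipalImpl.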