I am trying to implement the same logic within my existing project (although changed doLogin(String login, String password, Locale locale) to doLogin(Credentials cred)) and everything seems to work with the exception of the following code within the doLogin function:
    ExtUser user = dataManager.load(LoadContext.create(ExtUser.class)
            .setQuery(
                    new LoadContext.Query("select u from sec$User u where u.loginLowerCase = :login")
                            .setParameter("login", ((LoginPasswordCredentials) cred).getLogin().toLowerCase())
            )
            .setView(View.LOCAL)
    );
This always returns a ‘user’ value of null within the ext-login screen. I have tried the code under a different page within the project on a button click and it returns the value as I would have expected. I have also tried a different (working) LoadContext.Query for a different entity and this also returns null within the doLogin function of the ext-login screen.
Is there something I am missing with the ext-login screen to enable this query to work?
If a user is not logged in, the system uses an anonymous session with very limited permissions. If you want to load data on the login window, you should grant permissions on the required entities to the Anonymous role.
Yes, the right place for custom authentication is AuthenticationProvider, but sometimes we need additional logic in the UI (for instance, for social networks).
Yes, that is the correct way to set permissions. Do not forget to include them (SQL inserts for Anonymous role) into 30.create-db.sql script, in case you create DB from scratch.
It is a very practical solution but undermines the change that was made in one of the latest platform updates to prevent the anonymous user from misuse in retrieving information from the backend. Don’t know if that’s of any concern but as you aim for 2FA I do think it is something to consider.