Hello Team,
I have added user’s externally (via JDBC) instead of adding it through cuba application. I do the password hashing using a salt with SHA-1 algorithm and save it to the db. The user’s has been added successfully to the application (inside “SEC_USER” table) but I have to pass the authentication layer to allow the login.
I have to do the authentication for the user’s who has not been authenticated manually via LoginPasswordAuthenticationProvider.
I have added an external app login window to override doLogin():
public class ExtAppLoginWindow extends AppLoginWindow {
@Override
protected void doLogin() {
super.doLogin();
}
@Override
protected void doLogin(Credentials credentials) throws LoginException {
// add pre-process
//super.doLogin(credentials);
// add post-process steps
super.doLogin(credentials);
// do authentication for the users
}
}
I need to add a logic to do the following,
-
get all non-authenticated user’s
-
do the authentication for those who has not been authenticated.
-
after authentication, allow them to login to the application.
I also have a class which extends LoginPasswordAuthenticationProvider:
public class AdminAuthenticationProvider extends LoginPasswordAuthenticationProvider
implements AuthenticationProvider {
private static final Logger log = LoggerFactory.getLogger(AdminAuthenticationProvider.class);
@Inject
public AdminAuthenticationProvider(Persistence persistence, Messages messages) {
super(persistence, messages);
}
@Override
public AuthenticationDetails authenticate(Credentials credentials) throws LoginException {
LoginPasswordCredentials loginAndPassword = (LoginPasswordCredentials) credentials;
if (!"admin".equals(loginAndPassword.getLogin())) {
// if it's not admin, check for the authentication and allow them to login
throw new LoginException("Only admin is allowed to login");
}
return super.authenticate(credentials);
}
Regards,
Sanchit