8/10/2011

How to change the Liferay Login Module / Authentication Pipeline

If you want to change the Login Module, Liferay uses, or you want to add LDAP authentication to your liferay system, you need to use the liferay authentication pipeline.


To configure your pipeline, you have to take a look into your portal.properties. You will find the following properties:



auth.pipeline.enable.liferay.check=false
auth.pipeline.pre=de.test.auth.RefuseAuthenticator



Those configure the authentication pipeline. The first one disables the standard liferay behaviour to authenticate vs. its configured database. The second tells liferay which classes to use to verify name/password combinations. You can enter as much Authenticators as you want and they will be processed sequentially.


Every Authenticator must implement the interface com.liferay.portal.security.auth.Authenticator. If you take a look you will know what you have to do: The methods authenticateByEmailAddress, authenticateByScreenName and authenticateByUserId are self explanatory.


Here is an example of a RefuseAuthenticator that will refuse every user. Not very useful but it shows how an implemented Authenticator may look like:


package de.test.auth;

import java.util.Map;
import com.liferay.portal.security.auth.AuthException;
import com.liferay.portal.security.auth.Authenticator;

public class RefuseAuthenticator implements Authenticator {

public int authenticateByEmailAddress(long arg0, String arg1, String arg2, Map<String, String[]> arg3, Map<String, String[]> arg4) throws AuthException {

    System.out.println("failed by mail");
    return FAILURE;
}

public int authenticateByScreenName(long arg0, String arg1, String arg2, Map<String, String[]> arg3, Map<String, String[]> arg4) throws AuthException {

    System.out.println("failed by screen name");
    return FAILURE;
}

public int authenticateByUserId(long arg0, long arg1, String arg2, Map<String, String[]> arg3, Map<String, String[]> arg4) throws AuthException {

    System.out.println("failed by user id");
    return FAILURE;
}

}




If you add the lines to your portal-ext.properties and provide the class with your ext environment you should not be able to log into liferay anymore.


If you like this tutorial it would be very nice, if you could click on some of the google ads you see on the right side. It helps me run this block and motivates me ;)

If you have any questions, feel free to leave a comment.