By using Authentication Pipeline we can write our own custom authentication logic. We can conditionally validate user based on some condition. In this article we will create our custom Authenticator implementing liferay com.liferay.portal.security.auth.Authenticator interface in the form of Hook.
1. liferay-hook.xml
<?xml version="1.0"?> <!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd"> <hook> <portal-properties>portal.properties</portal-properties> </hook>
2.portal.properties
auth.pipeline.pre=com.proliferay.CustomAuthenticator
This classes i.e., CustomAuthenticator will run before or after the portal authentication begins.
3. CustomAuthenticator .java
package com.proliferay;
import java.util.Map;
import com.liferay.portal.security.auth.AuthException;
import com.liferay.portal.security.auth.Authenticator;
public class CustomAuthenticator implements Authenticator {
@Override
public int authenticateByEmailAddress(long companyId, String emailAddress,
String password, Map<String, String[]> headerMap,
Map<String, String[]> parameterMap) throws AuthException {
/**
* All your logic will go here
*/
return SKIP_LIFERAY_CHECK;
}
@Override
public int authenticateByScreenName(long companyId, String screenName,
String password, Map<String, String[]> headerMap,
Map<String, String[]> parameterMap) throws AuthException {
return DNE;
}
@Override
public int authenticateByUserId(long companyId, long userId,
String password, Map<String, String[]> headerMap,
Map<String, String[]> parameterMap) throws AuthException {
return DNE;
}
}
In the above code we have not written any logic. Deploy the hook and try to log in with wrong password. If the user name is correct it will allow to login because we have returned SKIP_LIFERAY_CHECK.
Note 1:
There are three methods in the above code. Liferay user can be authenticated three ways. First is by emailAddress, second is by screenName and third one is by userId. So based on our portal settings only single method will be called . To know more about it follow the below article
Note 2:
There are 4 constants in the Authenticator interface
public static final int DNE = 0; public static final int FAILURE = -1; public static final int SKIP_LIFERAY_CHECK = 2; public static final int SUCCESS = 1;
The class which implements Authenticator interface must return one of the above constants. Here are the use of all the constants.
SUCCESS : If authentication is successful, return SUCCESS
FAILURE: If the user exists but the passwords do not match, return FAILURE
DNE: If the user does not exist on the system, return DNE.
SKIP_LIFERAY_CHECK : In the pre-authentication pipeline, if you want to skip password checking by the internal portal authentication, the authenticator should return SKIP_LIFERAY_CHECK. This is needed if passwords are not imported to the portal
Note 3:
In case you have several classes in the authentication pipeline, all of them have to return SKIP_LIFERAY_CHECK or SUCCESS if you want the user to be able to login. If one of the authenticators returns DNE OR FAILURE, the login fails.
Download Source Code: