Details
Task
Resolution: Fixed
Neutral
Description
I'm working on a setup with external users. There are two scenarios there:
- I create users on the fly without a UserManager
- I have a custom UserManager acting as a proxy between Magnolia and, for instance, an LDAP server
This is at least what Richard Unger mentions in the following page: http://magnolia.10149.n7.nabble.com/How-to-instantiate-a-User-to-call-MgnlContext-login-mgnlUser-td38527.html
Then, if your users are external to magnolia, you have 2 ways to go after this:
1) Set up an external user manager which connects to your external user data-source to read users.
In this case you don't need to do any more work. If your ExternalUserManager is correctly set up (you can browse the users in magnolia's users tree), the rest should then just work.
2) Create the External User "on the fly". Extend the JCRAuthenticationModule for JAAS, and instead of looking up the user, just create the user (as an ExternalUser) and add roles and groups as needed. The JCRAuthorizationModule should then pick up those roles and groups, and set up the ACLs correctly.
I have gone with option 1. This setup is working well except in info.magnolia.task.persistence.TasksStoreImpl#prepareQueryStatementByUserAndStatuses, where securitySupport.getUserManager().getUser(userId).getAllGroups() throws an NPE, preventing the whole UI from displaying (see stack.txt).
I suggest wrapping an Optional around the call to get the UserManager.
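A null-safe version of the call chain from the report, as an added example that is not Magnolia's code or the fix that was shipped. The three interfaces are stand-ins for the types named in the chain, the class and method names are hypothetical, and falling back to an empty group list (so an unresolvable user matches no group-assigned tasks) is an assumption about the desired behaviour.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;

public class NullSafeGroupLookup {

    // Minimal stand-ins (assumptions) for the types named in the report;
    // only the methods from the failing call chain are modelled.
    interface User { Collection<String> getAllGroups(); }
    interface UserManager { User getUser(String userId); }
    interface SecuritySupport { UserManager getUserManager(); }

    // Every link that can be null is wrapped, so an unresolvable user yields
    // an empty group collection (least privilege) instead of an NPE that
    // takes the whole UI down.
    static Collection<String> groupsOf(SecuritySupport securitySupport, String userId) {
        return Optional.ofNullable(securitySupport)
                .map(SecuritySupport::getUserManager)
                .map(um -> um.getUser(userId))
                .map(User::getAllGroups)
                .orElse(Collections.emptyList());
    }

    public static void main(String[] args) {
        // Constructed cases: a manager that knows one user and returns null
        // for any other id, and a SecuritySupport with no manager at all.
        User alice = () -> List.of("editors", "publishers");
        SecuritySupport known = () -> id -> "alice".equals(id) ? alice : null;
        SecuritySupport noManager = () -> null;

        System.out.println(groupsOf(known, "alice"));
        System.out.println(groupsOf(known, "ldap-only-user"));
        System.out.println(groupsOf(noManager, "alice"));
    }
}
```

Wrapping only the getUserManager() call would still fail if getUser(userId) is the link that returns null for an external user, which is why each step is mapped separately here.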