[MGNLSSO-25] Write a UserManager to create users on the fly
Created: 07/May/20  Updated: 07/Jul/20  Resolved: 15/May/20

Status: Closed
Project: Single Sign On
Component/s: None
Affects Version/s: None
Fix Version/s: 1.0

Type: Task
Priority: Neutral
Reporter: Maxime Michel
Assignee: Maxime Michel
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File stack.txt    
Epic Link: Magnolia SSO w/ pac4j

 Description   

I'm working on a setup with external users. There are two scenarios there:

  1. I create users on the fly without a UserManager
  2. I have a custom UserManager acting as a proxy between Magnolia and, for instance, an LDAP server

This is at least what Richard Unger mentions in the following page: http://magnolia.10149.n7.nabble.com/How-to-instantiate-a-User-to-call-MgnlContext-login-mgnlUser-td38527.html

Then, if your users are external to magnolia, you have 2 ways to go after this:

1) Set up an external user manager which connects to your external user data-source to read users.
In this case you don't need to do any more work. If your ExternalUserManager is correctly set up (you can browse the users in magnolia's users tree), the rest should then just work.

2) Create the External User "on the fly". Extend the JCRAuthenticationModule for JAAS, and instead of looking up the user, just create the user (as an ExternalUser) and add roles and groups as needed. The JCRAuthorizationModule should then pick up those roles and groups, and set up the ACLs correctly.

I have gone with option 1. This setup is working well except in info.magnolia.task.persistence.TasksStoreImpl#prepareQueryStatementByUserAndStatuses, where securitySupport.getUserManager().getUser(userId).getAllGroups() throws an NPE, preventing the whole UI from displaying (see stack.txt).

I suggest wrapping an optional around the call to get the UserManager.
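
The failing call chain and the guarded form suggested above, as an added example that is not part of the ticket or of Magnolia's code. The three interfaces are minimal stand-ins for the Magnolia types named in the description, and the user names and the group are constructed sample data.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;

public class GroupLookupExample {
    // Stand-ins (assumptions) for the Magnolia types named in the ticket.
    interface User { Collection<String> getAllGroups(); }
    interface UserManager { User getUser(String name); }
    interface SecuritySupport { UserManager getUserManager(); }

    // The chain from the ticket: throws NullPointerException when getUser() returns null.
    static Collection<String> groupsUnchecked(SecuritySupport s, String userId) {
        return s.getUserManager().getUser(userId).getAllGroups();
    }

    // Guarded form: a missing manager or an unknown user yields an empty group
    // list, so later checks see "no groups" instead of the request crashing.
    static Collection<String> groupsGuarded(SecuritySupport s, String userId) {
        return Optional.ofNullable(s.getUserManager())
                .map(um -> um.getUser(userId))
                .map(User::getAllGroups)
                .orElse(Collections.emptyList());
    }

    public static void main(String[] args) {
        // Constructed data: "superuser" is known locally, "sso-alice" exists
        // only at the external identity provider, so the lookup returns null.
        User local = () -> List.of("publishers");
        Map<String, User> known = Map.of("superuser", local);
        UserManager manager = known::get;
        SecuritySupport security = () -> manager;

        System.out.println("superuser: " + groupsGuarded(security, "superuser"));
        System.out.println("sso-alice: " + groupsGuarded(security, "sso-alice"));
        try {
            groupsUnchecked(security, "sso-alice");
        } catch (NullPointerException e) {
            System.out.println("unchecked lookup of sso-alice: NullPointerException");
        }
    }
}
```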



 Comments   
Comment by Maxime Michel [ 13/May/20 ]

Status update: Richard Unger's comment is no longer true. It is important in Magnolia 6.0+ that there is a user manager, even if only to create users on the fly. This ticket is now about adding one to the module.
