i use a Liferay based website and try to implement a login hook which prevents a user login under certain conditions. I want to make it as simple as possible like:

    @Override
    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
    {
        if (condition)
        {
            //redirect to login page, send a message back but just don't let the user login
            //but don't block or ban him either.
        }
    }

It has to look like a wrong password error, but it has to be on portal side, before the user even logins (therefore PreLoginAction class)

Edit: Okay, i used the logout and redirect method to go back to the login page. But i still want to generate a error message. I tried it like this

    @Override
    public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException
    {
        if (condition)
        {
            SessionErrors.add(request, "error");
            response.sendRedirect("/c/portal/logout");
        }
    }

and for the login.jsp i added the top line, but i guess its not working like that for the Login Actions. There is no error message showing

<liferay-ui:error key="error" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= AuthException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= CompanyMaxUsersException.class %>" message="unable-to-login-because-the-maximum-number-of-users-has-been-reached" />
<liferay-ui:error exception="<%= CookieNotSupportedException.class %>" message="authentication-failed-please-enable-browser-cookies" />
<liferay-ui:error exception="<%= NoSuchUserException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= PasswordExpiredException.class %>" message="your-password-has-expired" />
<liferay-ui:error exception="<%= UserEmailAddressException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserLockoutException.class %>" message="this-account-has-been-locked" />
<liferay-ui:error exception="<%= UserPasswordException.class %>" message="authentication-failed" />
<liferay-ui:error exception="<%= UserScreenNameException.class %>" message="authentication-failed" />

Is there another way? i also tried the line

request.getSession().setAttribute("loginError", "failure message");

and tried to read ${loginError} in the jsp, but its also not working.

2 Answers

1
Radouane ROUFID On

You can simply redirect the user to response.redirect("/c/portal/logout") which will actually logout the user and redirect him to the home page.

If you want to programmatically logout the user yourself and then redirect, you can use the following code :

    @Override
public void run(HttpServletRequest request, HttpServletResponse response) throws ActionException {

    if (condition) {

        // Whatever here ...

        // Logout the user.
        request.getSession().invalidate();

        // Redirect
        response.redirect(<YOUR_PAGE>)
    }
}
0
Romeo Sheshi On

You can use the authetication pipeline you can make an authenticator that check the conditions

public class CustomAuth implements Authenticator {
    @Override
    public int authenticateByEmailAddress(long companyId, String emailAddress, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }

    @Override
    public int authenticateByScreenName(long companyId, String screenName, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }

    @Override
    public int authenticateByUserId(long companyId, long userId, String password, Map<String, String[]> headerMap, Map<String, String[]> parameterMap) throws AuthException {
        return 0;
    }
}

an add your authenticator to the pipeline in portal.properties

auth.pipeline.pre=package.CustomAuth

or

auth.pipeline.post=package.CustomAuth

Or you can use a Authentication Verifier

public class CustomVerifier implements AuthVerifier{
    @Override
    public String getAuthType() {
        return null;
    }

    @Override
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        return null;
    }
}

and configure it to the pipeline in portal.properties

auth.verifier.pipeline=

In your case maybe the best choice is the AuthVerifier