Liferay 7.4 JAAS not working - returns to the login screen

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-21T10:28:55Z

and make sure portal-ext.properties file have jaas enabled

portal.jaas.enable=true
portal.jaas.auth.type=userId

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-20T19:14:30Z

Then, in ROOT resin-web.xml - replace login-module class with your custom

<web-app xmlns="http://caucho.com/ns/resin">
	<authenticator type="com.caucho.server.security.JaasAuthenticator">
		<init>
			<login-module>com.liferay.portal.security.jaas.PortalLoginModule</login-module>
			<password-digest>none</password-digest>
		</init>
	</authenticator>
</web-app>

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-20T19:14:36Z

Ok, your new .jar should land to<tomcat>\lib\ext\ folder.

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-20T19:14:43Z

1. This is were the module located in WildFly (JBoss). I have no idea about Tomcat, you have to locate the original place in LR 7.1 version.

2. I am not sure about jboss-deployment file here, as you are working with Tomcat and the file might be differen. Try to locate traces in LR 7.1 ROOT.war

My file looks like

<?xml version="1.0"?>

<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
	<deployment>
		<exclusions>
			<module name="org.apache.log4j" />
			<module name="org.hibernate" />
			<module name="org.slf4j" />
		</exclusions>
		<dependencies>
			<module meta-inf="export" name="uk.co.caci.portal.liferay">
				<imports>
					<include path="META-INF" />
				</imports>
			</module>
			<module name="javax.mail.api" />
			<module name="org.apache.xerces" />
			<module name="org.jboss.modules" />
		</dependencies>
	</deployment>
</jboss-deployment-structure>

The part - <module meta-inf="export" name="uk.co.caci.portal.liferay"> is reference to the WildFly modules. Again - might/should be different from tomcat

3. WildFly config file contains <login-module code="uk.co.caci.portal.liferay.CaciLoginModule" flag="required"/> reference. Again, different from tomcat.

        <subsystem xmlns="urn:jboss:domain:security:2.0">
            <security-domains>
                <security-domain name="PortalRealm">
                    <authentication>
                        <login-module code="uk.co.caci.portal.liferay.CaciLoginModule" flag="required"/>
                    </authentication>
                </security-domain>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="RealmDirect" flag="required">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>

RE: RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-20T18:29:33Z

Hi Alex,

Thanks for the update. I have created a dummy module with above class also added missing files in dummy module like PortalGroup, PortalPrincipal, PortalRole.

Can you please elaborate more on below your mentioned points

Then copied generated jar into wildfly server modules folder (no other dependencies required) - Do means to add created jar into tomcat lib folder?
Then in the ROOT.war altered jboss-deployment - added reference to the new module. - Which file exactly i need to update jboss-deployment-structure file?
In the wildfly config replaced outdated module with my - Here config file - are you refering to jaas.config file?

Thanking you in advance.

Regards,

Fayaj

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-20T13:26:16Z

Ok, see dummy module I created just to maintain the session credentials

package uk.co.caci.portal.liferay;


import java.io.IOException;

import java.security.Principal;

import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * @author amirren - JAAS implementation to keep EJB context separated for each logged user
 */
public class CaciLoginModule implements LoginModule {

    @Override
    public boolean abort() {
        return true;
    }

    public boolean preCommit() throws LoginException {
        Principal principal = getPrincipal();

        if (principal != null) {
            Subject subject = getSubject();

            Set<Principal> principals = subject.getPrincipals();

            principals.add(getPrincipal());

            return true;
        }

        return false;
    }

    @Override
    public boolean commit() throws LoginException {
        //_log.info("commit");
        boolean commitValue = preCommit();

        if (commitValue) {
            PortalGroup rolesPortalGroup = new PortalGroup("Roles");

            rolesPortalGroup.addMember(new PortalPrincipal("users"));

            Subject subject = getSubject();

            Set<Principal> principals = subject.getPrincipals();

            principals.add(rolesPortalGroup);

            PortalGroup callerPrincipalGroup = new PortalGroup(
                    "CallerPrincipal");

            callerPrincipalGroup.addMember(getPrincipal());

            principals.add(callerPrincipalGroup);
        }

        return commitValue;
    }

    @Override
    public void initialize(
            Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {

        //_log.info("initialize");
        _subject = subject;
        _callbackHandler = callbackHandler;

    }

    @Override
    public boolean login() throws LoginException {
        String[] credentials = null;
        //_log.info("login");
        try {
            credentials = authenticate();
        } catch (Exception e) {
            _log.error(e.getMessage());

            throw new LoginException();
        }

        if ((credentials != null) && (credentials.length == 2)) {
            setPrincipal(getPortalPrincipal(credentials[0]));
            setPassword(credentials[1]);

            return true;
        }

        throw new LoginException();
    }

    @Override
    public boolean logout() {
        Subject subject = getSubject();

        Set<Principal> principals = subject.getPrincipals();

        principals.clear();

        return true;
    }

    // already authenticated in LR hooks - just build a context
    protected String[] authenticate()
            throws IOException, UnsupportedCallbackException {

        //_log.info("authenticate");
        NameCallback nameCallback = new NameCallback("name: ");
        PasswordCallback passwordCallback = new PasswordCallback(
                "password: ", false);

        _callbackHandler.handle(
                new Callback[]{nameCallback, passwordCallback});

        String name = nameCallback.getName();

        String password = null;
        char[] passwordChar = passwordCallback.getPassword();

        if (passwordChar != null) {
            password = new String(passwordChar);
        }

        if (name == null) {
            return new String[]{"", ""};
        }

        //_log.info("simple names");
        return new String[]{name, password};
    }

    protected String getPassword() {
        return _password;
    }

    protected Principal getPortalPrincipal(String name) throws LoginException {
        return new PortalPrincipal(name);
    }

    protected Principal getPrincipal() {
        return _principal;
    }

    protected Subject getSubject() {
        return _subject;
    }

    protected void setPassword(String password) {
        _password = password;
    }

    protected void setPrincipal(Principal principal) {
        _principal = principal;
    }

    private final static Logger _log = LoggerFactory.getLogger(CaciLoginModule.class);

    private CallbackHandler _callbackHandler;
    private String _password;
    private Principal _principal;
    private Subject _subject;

}

Then copied generated jar into wildfly server modules folder (no other dependencies required)

Then in the ROOT.war altered jboss-deployment - added reference to the new module.

In the wildfly config replaced outdated module with my

All works. You have to do the similar for Tomcat

RE: RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-19T17:05:02Z

Hi Alex,

Thanks for the update.

Can you please let me know/any pointers which you followed to create own JAAS module? How to create custom/own JAAS module?

Are you using liferay's login portlet in your application or custom one? Have you added missing classes to Portal-kernel or Portal-impl?

Regards,

Fayaj

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-19T15:30:50Z

I had to create own JAAS module (copied from 7.1 sources). Now everything is ok, but left me puzzled why that was removed in 7.4

RE: RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-07-19T15:18:45Z

Hi Alex,

Is it wokring for you? We are also facing the same issue JAAS not working with Liferay 7.4 and tomcat.

Regards,

Fayaj

RE: Liferay 7.4 JAAS not working - returns to the login screen

2022-06-26T09:57:46Z

Some details - LR7.4, WildFly 22.0.0.

When JAAS enabled:

"Logon as user1" ---> WAR ---> ejb call ---> EAR bean method. In the EAR bean I have @SessionContext resource and getPrincipal gave me "user1".

"Logon as user2" ---> WAR ---> ejb call ---> EAR bean method. In the EAR bean I have @SessionContext resource and getPrincipal gave me "user2".

But in 7.4 JAAS is deprecated and I have to switch it off and getPrincipal returns "anonymus" for all logged users, which is wrong.

Please help

Liferay 7.4 JAAS not working - returns to the login screen

2022-06-24T13:23:12Z

Hi,

I successfully upgraded LR 7.1 to 7.4 (latest) but it seems like JAAS stopped working there and I able to login only with portal.jaas.enable=false now.

portal-ext.properties:

portal.jaas.enable=true
portal.jaas.auth.type=screenName

Are there any hidden changes I missed between 7.1 and 7.4?

Thank you