liferayliferay-7

Custom login method in liferay 7

I recently started learning liferay(7.1.2 ga3). my requirement is to change the login code(i.e write my own code for login) not look and feel in login.jsp.

I created a hook file with the following steps(in liferay developer studio) New -> Liferay Module Project -> Project Name as CustomLogin -> Build Type as Maven -> Project Template Name as war-hook -> then Finish.

After This folder was created with the name as CustomLogin and in that src -> main -> java -> CustomLogin -> I can see two Files CustomLoginLoginPostAction.java and CustomLoginStartupAction.java

in CustomLoginStartupAction.java


package CustomLogin;

import com.liferay.portal.kernel.events.ActionException;
import com.liferay.portal.kernel.events.SimpleAction;

public class CustomLoginStartupAction extends SimpleAction {

    @Override
    public void run(String[] lifecycleEventIds) throws ActionException {
        for (String eventId : lifecycleEventIds) {
            System.out.println("Startup event ID " + eventId);
        }
    }

}

in CustomLoginLoginPostAction.java


package CustomLogin;

import com.liferay.portal.kernel.events.Action;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.service.UserLocalServiceUtil;
import com.liferay.portal.kernel.util.PortalUtil;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CustomLoginLoginPostAction extends Action
{
    @Override
    public void run(HttpServletRequest request, HttpServletResponse response)
    {
        long userId = PortalUtil.getUserId(request);

        User user = UserLocalServiceUtil.fetchUser(userId);

        System.out.println(user.getFirstName() + " has logged in.");
    }
}

But I dont't know what to do after this. please help. or give some sample code.

Solution

  • Strong recommendations:

    1. As you start learning Liferay, start with the current version, not with one from January 2019 (original 7.1.x release in 2018)
    2. Start with OSGi plugins - they deploy a lot quicker than WAR archives and require a lot less memory at runtime
    3. think about the requirement: You're using a platform that gives you the option to ignore all of the user management worries, and the first thing you do is to take back control of this delicate issue. Rather: Use the platform to your advantage. Consider using LDAP or SSO if you need to authenticate against another user database: That's configuration, not code - so nothing for you to maintain

    That being said, the code that you posted adds to the login procedure. E.g. the LoginPostAction is executed after Liferay's own login code is already executed. This enables you to intercept a login and impose custom rules when you know what user you deal with (and that they authenticated correctly). Similarly, there's a similar LoginPreAction, that's allowing you to intercept the login process before the user's login is applied.

    (A StartupAction is the wrong path - nothing to do with the login process - don't follow that path for this purpose)

    What you typically do in these actions is to either deny access based on unconfigurable criteria (e.g. may the user log in from that IP? At this time?) or initialize some additional environments (e.g. triggering some backend action, initialize some information in the session). For this you can determine to do this before or after the login succeeded.

    If - against my recommendation - you decide that you'll still want to customize the login process: This code for 7.0 should still work on 7.1 (and likely even on 7.4, the current version). It involves writing a custom login portlet, and the relevant code is in this class, after retrieving the HttpServletRequest (I'm omitting the presentation layer from the linked sample)

    @Component(
    property = {
        "javax.portlet.name=MyLoginPortlet",
        "mvc.command.name=/login/login"
    },
    service = MVCActionCommand.class
)
public class MyLoginMVCActionCommand extends BaseMVCActionCommand {

    @Override
    protected void doProcessAction(ActionRequest actionRequest,
            ActionResponse actionResponse) throws Exception {

        ThemeDisplay themeDisplay = (ThemeDisplay)actionRequest.getAttribute(
            WebKeys.THEME_DISPLAY);
        
        HttpServletRequest request = PortalUtil.getOriginalServletRequest(
            PortalUtil.getHttpServletRequest(actionRequest));
        
        HttpServletResponse response = PortalUtil.getHttpServletResponse(
            actionResponse);

        String login = ParamUtil.getString(actionRequest, "login");
        String password = actionRequest.getParameter("password");
        boolean rememberMe = ParamUtil.getBoolean(actionRequest, "rememberMe");
        String authType = CompanyConstants.AUTH_TYPE_EA;
        
        AuthenticatedSessionManagerUtil.login(
            request, response, login, password, rememberMe, authType);
        
        actionResponse.sendRedirect(themeDisplay.getPathMain());
    }
}

    But really: Use your time to add business value and work on business problems. Be happy that the infrastructure layer is taken care of already.