PUBLIC - Liferay Portal Community Edition
LPS-2522

MainServlet assumes that HttpServletRequest.getRemoteUser() returns valid liferay user id

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 5.2.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      I have the following setup:

      Apache HTTPD 2.2 forwards requests using AJP proxy to Tomcat 5.5.27 running Liferay Portal 5.2.2.

      Login is done using Apache authentication modules, and I set tomcatAuthentication="false" in the Tomcat AJP configuration.

      The problem is that Liferay's MainServlet assumes that HttpServletRequest.getRemoteUser() returns a user id that can be found in Liferay's user database. In my case HttpServletRequest.getRemoteUser() returns the username. That causes MainServlet to throw the following exception, and the custom auto login class never gets called.

      com.liferay.portal.NoSuchUserException: No User exists with the primary key 0

      I think MainServlet should not assume that HttpServletRequest.getRemoteUser() returns user id.

          Activity

          Raymond Auge added a comment:

          This isn't a bug.

          If you're in MainServlet and your AutoLogin implementation didn't fire then it's already too late. You have a misconfiguration somewhere which is causing it to be overlooked.

          Typically, the autologin plugins are hit before MainServlet because they are called by the AutoLogin Filter which is a pre filter.

          Your scenario is a typical SSO issue. Have a look at the other SSO implementations for some hints on how to solve your problem.

          Antti Ahvenlampi added a comment:

          OK, I managed to solve it by implementing my own servlet filter.

          It seems quite odd to me that you can't use getRemoteUser in auto login hooks.

          Raymond Auge added a comment:

          I understand. The reason is that the AutoLoginFilter's processFilter method will only execute the AutoLogin hooks when request.getRemoteUser() returns null.

          i.e.

          String remoteUser = request.getRemoteUser();
          String jUserName = (String)session.getAttribute("j_username");

          if ((remoteUser == null) && (jUserName == null)) {
              for (String autoLoginHook : PropsValues.AUTO_LOGIN_HOOKS) {
                  AutoLogin autoLogin = (AutoLogin)InstancePool.get(
                      autoLoginHook);
                  ...

          You solved it in the same way we solved it for other scenarios like CAS, NTLM, and OpenSSO.

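One way to write the kind of servlet filter discussed in the comments above, as an added example (it is not Antti Ahvenlampi's filter and not Liferay code): it keeps the Apache-authenticated username in a request attribute and hides getRemoteUser() from downstream code so that the (remoteUser == null) check passes and the AutoLogin hooks run. The class name, the attribute name and the web.xml mapping ahead of Liferay's AutoLoginFilter are assumptions, as is an AJP connector that accepts connections only from the Apache front end, since the forwarded username is trusted as-is; a custom AutoLogin hook still has to resolve the username to a Liferay user.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter; assumed to be mapped before Liferay's AutoLoginFilter.
public class ProxyRemoteUserFilter implements Filter {

    // Assumed attribute name, to be read by the custom AutoLogin hook.
    public static final String PROXY_USER = "PROXY_REMOTE_USER";

    public void init(FilterConfig filterConfig) {
    }

    public void doFilter(
            ServletRequest req, ServletResponse res, FilterChain chain)
        throws IOException, ServletException {

        HttpServletRequest request = (HttpServletRequest)req;

        // Drop any value set earlier so only this filter populates it.
        request.removeAttribute(PROXY_USER);

        String proxyUser = request.getRemoteUser();

        if (proxyUser == null) {
            // The proxy forwarded no authenticated user: pass through.
            chain.doFilter(req, res);
            return;
        }

        // Set server-side, not taken from a client-supplied header.
        request.setAttribute(PROXY_USER, proxyUser);

        // Downstream code no longer sees the username as a remote user,
        // so it is not mistaken for a Liferay user id.
        chain.doFilter(new HttpServletRequestWrapper(request) {
            public String getRemoteUser() {
                return null;
            }
        }, res);
    }

    public void destroy() {
    }
}
```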

            People

            • Votes: 0
            • Watchers: 2

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 50 weeks, 4 days ago
