XMLWordPrintable

    Details

    • Type: Clean up
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 11.1
    • Component/s: Authentication
    • Tags:
    • Impact type:
      API change
    • Upgrade notes:
      Hide

      New methods:

      • Framework.loginSystem()
      • Framework.loginSystem(originatingUser)
      • Framework.loginUser(username)
      • NuxeoPrincipal.getCurrent()
      • NuxeoPrincipal.isCurrentAdministrator()

      The above loginSystem and loginUser methods now return a NuxeoLoginContext that is AutoCloseable and can therefore be used in a try-with-resources.

      Deprecated methods:

      • Framework.login() -> Framework.loginSystem()
      • Framework.loginAs(originatingUser) -> Framework.loginSystem(originatingUser)
      • Framework.loginAsUser(username) -> Framework.loginUser(username)
      • Framework.login(username, password) -> Framework.loginUser(username)
      • ClientLoginModule.clearThreadLocalLogin() -> LoginComponent.clearPrincipalStack() (INTERNAL)
      • ClientLoginModule.getThreadLocalLogin() -> LoginComponent (INTERNAL)
      • ClientLoginModule.getCurrentLogin() -> LoginComponent.getCurrentPrincipal()
      • ClientLoginModule.getCurrentPrincipal() -> NuxeoPrincipal.getCurrent()
      • ClientLoginModule.isCurrentAdministrator() -> NuxeoPrincipal.isCurrentAdministrator()
      • LoginStack

      These extension points or part of their contributions are removed:

      • <loginModulePlugin> in the element <authenticationPlugin> of extension point authenticators of org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService
      • the extension point domains of org.nuxeo.runtime.LoginComponent (which included registration of LoginModule classes)
      • the extension point plugin of org.nuxeo.ecm.platform.login.LoginPluginRegistry (which included registration of LoginPlugin classes)

      Behavior change:

      • NuxeoAuthenticationPlugin.handleRetrieveIdentity should now contain all the authentication code, and return a UserIdentificationInfo with credentialsChecked = true (using the 1-arg constructor) if the credentials have already been checked by the auth plugin itself. Otherwise the method may return a UserIdentificationInfo that includes a username and password, to let the generic filter check the password against the UserManager.
      Show
      New methods: Framework.loginSystem() Framework.loginSystem(originatingUser) Framework.loginUser(username) NuxeoPrincipal.getCurrent() NuxeoPrincipal.isCurrentAdministrator() The above loginSystem  and loginUser  methods now return a NuxeoLoginContext  that is AutoCloseable  and can therefore be used in a try-with-resources. Deprecated methods: Framework.login() -> Framework.loginSystem() Framework.loginAs(originatingUser) -> Framework.loginSystem(originatingUser) Framework.loginAsUser(username) -> Framework.loginUser(username) Framework.login(username, password) -> Framework.loginUser(username) ClientLoginModule.clearThreadLocalLogin() -> LoginComponent.clearPrincipalStack() (INTERNAL) ClientLoginModule.getThreadLocalLogin() -> LoginComponent (INTERNAL) ClientLoginModule.getCurrentLogin() -> LoginComponent.getCurrentPrincipal() ClientLoginModule.getCurrentPrincipal() -> NuxeoPrincipal.getCurrent() ClientLoginModule.isCurrentAdministrator() -> NuxeoPrincipal.isCurrentAdministrator() LoginStack These extension points or part of their contributions are removed: <loginModulePlugin> in the element <authenticationPlugin> of extension point authenticators of org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService the extension point domains of org.nuxeo.runtime.LoginComponent (which included registration of LoginModule classes) the extension point plugin of org.nuxeo.ecm.platform.login.LoginPluginRegistry (which included registration of LoginPlugin classes) Behavior change: NuxeoAuthenticationPlugin.handleRetrieveIdentity should now contain all the authentication code, and return a UserIdentificationInfo with credentialsChecked = true (using the 1-arg constructor) if the credentials have already been checked by the auth plugin itself. Otherwise the method may return a UserIdentificationInfo that includes a username and password, to let the generic filter check the password against the UserManager .
    • Sprint:
      nxFG 11.1.10
    • Story Points:
      5

      Description

      Remove JAAS (the use of LoginContext, security domains, LoginModules, etc.) and just call NuxeoAuthenticationPlugins directly.

      We do this because of NXP-27917 which makes usage of LoginContext slow things down.

      Note that https://bugs.openjdk.java.net/browse/JDK-8230297 has been opened at the OpenJDK level to fix LoginContext.login() slowness but at the moment this is not resolved nor backported.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 4 days
                  4d

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.