How to custom CQ Login Module

In order to manage the login process in our project, we will use a custom CQ Login Module.

We will admit the root URL of CQ instance is: http://localhost:4502/. This value may change depending of your environment.

The %CQ_HOME% variable we will mention refers to the CQ install path. It admits you have defined %CQ_HOME% as an environment variable.

1.        Update the repository definitions

The login module must be referenced in the repository definitions. You have to edit the next file: %CQ_HOME%/crx-quickstart/repository/repository.xml

Do a copy of repository.xml to repository.xml.original

In repostiory.xml, replace security part of repository.xml with following:

<Security appName="com.day.crx">
        <SecurityManager class="com.day.crx.core.CRXSecurityManager">
<WorkspaceAccessManager class="org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager"/>
            <UserManager class="com.day.crx.core.CRXUserManagerImpl">
<param name="usersPath" value="/home/users"/>
<param name="groupsPath" value="/home/groups"/>
<param name="defaultDepth" value="1"/>
</UserManager>
        </SecurityManager>
        <AccessManager class="org.apache.jackrabbit.core.security.DefaultAccessManager"></AccessManager>
</Security>

rest of the file may remain unchanged.

2.        Configure JAAS

Firstly, we will add a configuration file to define login modules used by MyProject project. Create a new file in: %CQ_HOME%/crx-quickstart/conf/myproject.conf

Add in this file the code below:

com.day.crx {

     com.day.crx.core.CRXLoginModule sufficient;

     com.customlogin.myproject.authentication.LoginModule required;

};

Now we will update the startup script. Edit the file: %CQ_HOME%/crx-quickstart/bin/start

Make sure the CQ_USE_JAAS variable is defined and set to true

::* use jaas.config

if not defined CQ_USE_JAAS set CQ_USE_JAAS=true

Add (or replace) the following line:

::* config for jaas

if not defined CQ_JAAS_CONFIG set CQ_JAAS_CONFIG=%CQ_HOME%\crx-quickstart\conf\myproject.conf

Then add the following JVM parameter

if defined CQ_USE_JAAS        set CQ_JVM_OPTS=%CQ_JVM_OPTS% -Djava.security.auth.login.config=%CQ_JAAS_CONFIG%

NOTE: please run cq by start.bat (window)

3.        Install custom login module bundle

To install the custom login module, go to the bundles manager: http://localhost:4502/system/console/bundles

Click on the “Install/Update…” button to install a new bundle.

In the popup, configure “Start Level” to 15 and select the bundle to install: user-custom-login-[version].jar

Now, you have to restart your CQ instance. (The bundle must be present at startup time in order to be activated, so you must restart the CQ instance after uploading it.)

To verify that the custom login module is correctly installed, you can look at the authenticator manager: http://localhost:4502/system/console/slingauth

4.        Add generic user

All users will be logged into CQ as the same CQ user. Currently, the common user you have to configure in CQ is “genuser”.

To add it, go to user admin console: http://localhost:4502/useradmin and click on create > create user

Set “genuser” in all required fields. Note that the password will never be checked in CQ, because login module authenticates users from an external base.

Now you can try to authenticate you in CQ with MyProject login module. For test purpose, you can use the user: testing@gmail.com/password, stored in database.

5.        Use a custom login form

To use the custom MyCustom authentication, you have to send a request with following properties:

·         method = POST

·         action URI has to end with .../j_security_check. CQ will convey each request send to .../j_security_check to authentication handlers

·         parameters:

o   j_username: the username

o   j_password: the password

o   resource: the component the user tried to access

o   authenticationType: set it to “myproject-auth”

The code below gives you an example:

<form name="login" method="POST" id="login" action="/libs/granite/core/content/login.html/j_security_check" novalidate="novalidate">

                <input type="hidden" name="_charset_" value="UTF-8"/>

                <input type="hidden" name="resource" value="&#x2f;"/>

                <input type="hidden" name="authenticationType" value="myproject-auth"/>

                <p class="sign-in-title">Sign in</p>               

                <label for="username"><span>User name</span></label>

                <input id="username" name="j_username" type="email" autofocus="autofocus" pattern=".*" placeholder="User name" spellcheck="false" autocomplete="off"/><br/>

                <label for="password"><span>Password</span></label>

                <input id="password" name="j_password" type="password" placeholder="Password" spellcheck="false" autocomplete="off"/><br/>                   

                </div>

                <button type="submit" class="primary">Sign In</button>

            </form>

http://dev.day.com/docs/en/cq/current/core/deploying/custom-login-modules.html