Consuming User Attributes
- Laura McCord
- James Wennmacher (Deactivated)
General support for user attributes
You need to add to your portlet.xml something like
<user-attribute> <description>User Family Name</description> <name>user.name.family</name> </user-attribute>
where the <name> attribute is the Key mapped within your personDirectoryContext.xml (see manual [chapter on user attributes|06 User Attributes]).
Then from within your Portlet code you can access the values like this
Map userInfo = (Map)request.getAttribute(PortletRequest.USER_INFO);
String surname = (String)userInfo.get("user.name.family");
Assuming you are using Spring MVC, to expose the user-attribute value to a JSP page, you would do something like this in your controller class:
// Make the PortletRequest.USER_INFO available
model.put("userInfo", req.getAttribute(PortletRequest.USER_INFO));
In your JSP you would then access the user-info as you would any other model object:
<c:out value="${userInfo[accountNameAttribute]}"/>
Special support for conveying the end user's password to the JSR-168 portlet
Cache and replay passwords only with sober consideration
Don't use uPortal's password caching and replay features unless you really want these behaviors! Don't expose end user passwords to portlets you don't trust. (Then again, don't install into your portal portlets you don't trust.)
The user attribute "password" is populated with the end user's cached password when a caching security context is used *and* off-by-default support for conveying those cached passwords via the JSR-168 user attribute API is turned on.
Enabling conveyance of passwords as user attributes
Step 1. Configuring uPortal to cache the password at login
This is accomplished in uportal-war/src/main/resources/properties/security.properties (see code below).
- Comment out root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
- Uncomment the root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
- Uncomment the CAS cleartext password service: org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory
## Answers what tokens are examined in the request for each context during authentication.
## A subcontext only needs to set its tokens if it differs from those of the root context.
principalToken.root=userName
credentialToken.root=password
credentialToken.root.cas=ticket
## Answers where the user will be redirected when log out occurs. Each security context can have one.
## (See comments in the LogoutServlet class)
## It would be better to escape the value of the url parameter, but since there are no parameters on the
## unescaped URL and since there are no further parameters on the logout URL, this does work.
logoutRedirect.root=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/logout?url=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uport
al.context}/Login
## This is the factory that supplies the concrete authorization class
authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl
## Login URL, if specified the CLogin channel will display a Login link with
## this URL instead of the standard userName/password form.
org.jasig.portal.channels.CLogin.CasLoginUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/login?service=${environment.build.uportal.protocol}://${environment.build.uportal.serv
er}${environment.build.uportal.context}/Login
## URL of the CAS cleartext password service
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/clearPass
Step 2. Configuring uPortal's portlet container to convey the password
- Open and edit uportal-war/src/main/resources/properties/contexts/portletContainerContext.xml
- Uncomment the cachedPasswordUserInfoService bean (see below)
<!-- uncommented the cachedPasswordUserInfoService -->
<bean id="cachedPasswordUserInfoService"
class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService">
<property name="decryptPassword" value="false"/>
</bean>
Step 3. Consuming the attributes once available
<user-attribute> <description>Specially treated user attribute name that will be populated with the end user's cached password, if available</description> <name>password</name> </user-attribute>
Then from within your Portlet code you can access the password like this
Map userInfo = (Map)request.getAttribute(PortletRequest.USER_INFO);
String password = (String)userInfo.get("password");
Consuming Multi-Value Attributes
Suppose you are trying to access an ldap attribute that consists of a list of values. Recently, support was added in uPortal 3.1.3 and 3.2.0 for the USER_INFO_MULTIVALUED (org.jasig.portlet.USER_INFO_MULTIVALUED) attribute which returns a Map<String, List<Object>>. For detailed information about this addition, please visit the following link: https://issues.jasig.org/browse/UP-933
Add Feedback content box here.....