Consuming User Attributes

General support for user attributes

You need to add to your portlet.xml something like

Declaring a user attribute in portlet.xml
<user-attribute>
  <description>User Family Name</description>
  <name>user.name.family</name>
</user-attribute>

where the <name> element is the key mapped within your personDirectoryContext.xml (see the manual chapter on user attributes, "06 User Attributes").

Then from within your Portlet code you can access the values like this

Accessing a user attribute from JSR-168 Java implementation
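// USER_INFO is null when the request has no authenticated user
Map<String, String> userInfo = (Map<String, String>) request.getAttribute(PortletRequest.USER_INFO);
String surname = (userInfo != null) ? userInfo.get("user.name.family") : null;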

Assuming you are using Spring MVC, to expose the user-attribute value to a JSP page, you would do something like this in your controller class:

Spring MVC Controller User-attribute code
// Make the PortletRequest.USER_INFO available
model.put("userInfo", req.getAttribute(PortletRequest.USER_INFO)); 

In your JSP you would then access the user-info as you would any other model object:

Accessing user-attributes using Spring MVC in JSP
<c:out value="${userInfo[accountNameAttribute]}"/> 

Special support for conveying the end user's password to the JSR-168 portlet

Cache and replay passwords only with sober consideration

Don't use uPortal's password caching and replay features unless you really want these behaviors!  Don't expose end user passwords to portlets you don't trust. (Then again, don't install into your portal portlets you don't trust.)

The user attribute "password" is populated with the end user's cached password when a caching security context is used and the off-by-default support for conveying those cached passwords via the JSR-168 user attribute API is turned on.

Enabling conveyance of passwords as user attributes

Step 1. Configuring uPortal to cache the password at login

This is accomplished in uportal-war/src/main/resources/properties/security.properties (see code below).

  • Comment out root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
  • Uncomment the root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
  • Uncomment the CAS cleartext password service: org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl
uportal-war/src/main/resources/properties/security.properties
## This is the factory that supplies the concrete authentication class
root=org.jasig.portal.security.provider.UnionSecurityContextFactory
#root.cas=org.jasig.portal.security.provider.cas.CasAssertionSecurityContextFactory
root.cas=org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory
root.simple=org.jasig.portal.security.provider.SimpleSecurityContextFactory


## Answers what tokens are examined in the request for each context during authentication.
## A subcontext only needs to set its tokens if it differs from those of the root context.
principalToken.root=userName
credentialToken.root=password
credentialToken.root.cas=ticket


## Answers where the user will be redirected when log out occurs. Each security context can have one.
## (See comments in the LogoutServlet class)
## It would be better to escape the value of the url parameter, but since there are no parameters on the
## unescaped URL and since there are no further parameters on the logout URL, this does work.
logoutRedirect.root=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/logout?url=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uportal.context}/Login

## This is the factory that supplies the concrete authorization class
authorizationProvider=org.jasig.portal.security.provider.AuthorizationServiceFactoryImpl

## Login URL, if specified the CLogin channel will display a Login link with
## this URL instead of the standard userName/password form.
org.jasig.portal.channels.CLogin.CasLoginUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/login?service=${environment.build.uportal.protocol}://${environment.build.uportal.server}${environment.build.uportal.context}/Login

## URL of the CAS cleartext password service
org.jasig.cas3.extensions.clearpass.integration.uportal.PasswordCachingCasAssertionSecurityContextFactory.clearPassCasUrl=${environment.build.cas.protocol}://${environment.build.cas.server}/cas/clearPass

 

Step 2. Configuring uPortal's portlet container to convey the password

  • Open and edit uportal-war/src/main/resources/properties/contexts/portletContainerContext.xml 
  • Uncomment the cachedPasswordUserInfoService bean (see below)
<!-- uncommented the cachedPasswordUserInfoService -->
    <bean id="cachedPasswordUserInfoService" 
        class="org.jasig.portal.portlet.container.services.CachedPasswordUserInfoService">
        <property name="decryptPassword" value="false"/>
    </bean>

Step 3. Consuming the attributes once available

Declaring password user attribute in portlet.xml
<user-attribute>
 <description>Specially treated user attribute name that will be populated with the end user's cached password, if available</description>
 <name>password</name>
</user-attribute>

Then from within your Portlet code you can access the password like this

Accessing a user attribute from JSR-168 Java implementation
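Map<String, String> userInfo = (Map<String, String>) request.getAttribute(PortletRequest.USER_INFO);
// null when no cached password was conveyed for this user
String password = (userInfo != null) ? userInfo.get("password") : null;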
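
Once a portlet declares the password attribute, the USER_INFO map that the Spring MVC controller snippet earlier on this page puts into the model would carry the password entry to the JSP as well. The following is an added example, not code from uPortal or from the original page, that keeps the password out of the view model; the class and method names are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.portlet.PortletRequest;

/** Hypothetical helper (not part of uPortal) that separates the cached password from view data. */
public final class UserInfoAccess {

    /** Attribute name declared for the cached password in portlet.xml on this page. */
    private static final String PASSWORD = "password";

    private UserInfoAccess() {}

    @SuppressWarnings("unchecked")
    private static Map<String, String> userInfo(PortletRequest request) {
        Map<String, String> info =
                (Map<String, String>) request.getAttribute(PortletRequest.USER_INFO);
        // USER_INFO is null when the request has no authenticated user
        return info != null ? info : Collections.<String, String>emptyMap();
    }

    /** Copy of USER_INFO for the model: every declared attribute except the password. */
    public static Map<String, String> forView(PortletRequest request) {
        Map<String, String> copy = new HashMap<String, String>(userInfo(request));
        copy.remove(PASSWORD);
        return Collections.unmodifiableMap(copy);
    }

    /** Cached password for the back-end call only, or null when uPortal did not convey one. */
    public static String cachedPassword(PortletRequest request) {
        return userInfo(request).get(PASSWORD);
    }
}
```

In the controller, `model.put("userInfo", UserInfoAccess.forView(req));` then replaces passing the raw map, and the value from `cachedPassword` stays in controller or service code and is never logged or added to the model.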

 

Consuming Multi-Value Attributes

Suppose you are trying to access an LDAP attribute that consists of a list of values. Support was recently added in uPortal 3.1.3 and 3.2.0 for the USER_INFO_MULTIVALUED request attribute (org.jasig.portlet.USER_INFO_MULTIVALUED), which returns a Map<String, List<Object>>. For detailed information about this addition, see https://issues.jasig.org/browse/UP-933
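
One way to read such an attribute defensively, as an added example that is not code from uPortal or from the original page. The class and method names are hypothetical, and the example assumes the attribute is declared in portlet.xml in the same way as the single-valued attributes above.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.portlet.PortletRequest;

/** Hypothetical helper (not part of uPortal) for reading multi-valued user attributes. */
public final class MultiValuedUserInfo {

    /** Request attribute name given on this page. */
    public static final String USER_INFO_MULTIVALUED = "org.jasig.portlet.USER_INFO_MULTIVALUED";

    private MultiValuedUserInfo() {}

    /** All values of a declared user attribute as strings; an empty list if there are none. */
    @SuppressWarnings("unchecked")
    public static List<String> values(PortletRequest request, String name) {
        Map<String, List<Object>> multi =
                (Map<String, List<Object>>) request.getAttribute(USER_INFO_MULTIVALUED);
        List<String> result = new ArrayList<String>();
        if (multi != null) {
            List<Object> raw = multi.get(name);
            if (raw != null) {
                for (Object value : raw) {
                    // Values arrive as Object; skip nulls and normalise to String
                    if (value != null) {
                        result.add(String.valueOf(value));
                    }
                }
            }
            return Collections.unmodifiableList(result);
        }
        // Multi-valued map absent (for example, a uPortal release without this
        // support): fall back to the single-valued JSR-168 USER_INFO map.
        Map<String, String> single =
                (Map<String, String>) request.getAttribute(PortletRequest.USER_INFO);
        if (single != null && single.get(name) != null) {
            result.add(single.get(name));
        }
        return Collections.unmodifiableList(result);
    }
}
```

A call such as `MultiValuedUserInfo.values(request, "memberOf")` returns every value of that attribute; "memberOf" is a hypothetical attribute name used only for illustration.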

 

Additional References

Having problems with these instructions?

Please send us feedback at uportal-user@lists.ja-sig.org