So for anyone wondering if sso-template-jsp.txt still works -- it does but you now have to make sure that the UtilityThreadLocal TenantInstance matches the TenantInstance in the SecurityIdentifier which is obtained via the webRequest.getSecurityIdentifier() method.
Here is how I did it.
public Boolean loginUser(String username) {
Boolean initialized = false;
String tenantId = "";
if (username == null || username.length() == 0) return initialized;
try {
WebRequest webRequest = new DefaultWebRequest(this.getRequest());
WebResponse webResponse = new DefaultWebResponse(this.getResponse());
Tenants tenants = configurationManager.getTenants();
for (int i = 0; i < tenants.getTenantInstanceCount(); i++) {
TenantInstance tenantInstance = tenants.getTenantInstance(i);
tenantId = tenantInstance.getId();
if (tenantId != null && tenantId.length() > 0) break;
}
UtilityThreadLocal.init(tenantId);
WebSession webSession = new WebSession(webResponse, webRequest, this.getPageContext().getServletContext());
UserSessionController usController = UserSessionControllerFactory.getInstance();
SecurityIdentifier newSecId = usController.init(username, webRequest.getSecurityIdentifier());
if (newSecId != null && newSecId.isUserLoggedIn()) {
String userStatus = newSecId.getUserStatus();
if (!SecurityIdentifier.INACTIVE_STATUS.equals(userStatus) &&
!SecurityIdentifier.LOCKED_STATUS.equals(userStatus)) {
webSession.setSecurityIdentifier(newSecId);
if (!webSession.getSessionInitialized()) {
webSession.initSessions(newSecId);
}
initialized = true;
}
}
} catch (Exception ex) {
log.error(ex);
}
return initialized;
}
I get the username via a smartcard certificate which contains the user's email address (in SubjectAlternativeNames). Once I pull the email address out, I query (via web services) a simple NSQL that gives me id, username and email.
public String getEmailCertificateUser() {
X509Certificate[] x509Certificates = (X509Certificate[]) this.getRequest().getAttribute("javax.servlet.request.X509Certificate");
return getEmailCertificateUser(x509Certificates);
}
public String getEmailCertificateUser(X509Certificate[] x509Certificates) {
String emailAddress = "";
String userName = "";
try {
for (X509Certificate x509Certificate : x509Certificates) {
if (!checkCertificateValidity(x509Certificate)) continue;
String issuerDn = x509Certificate.getIssuerDN().getName();
if (!issuerDn.toUpperCase().startsWith("CN=DOD EMAIL")) continue;
Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
if (subjectAlternativeNames == null) continue;
Iterator<List<?>> iterator = subjectAlternativeNames.iterator();
while (iterator.hasNext()) {
List list = (List) iterator.next();
if (((Integer) list.get(0)).intValue() != 1) continue;
emailAddress = list.get(1).toString().toLowerCase();
break;
}
if (emailAddress.length() > 0) break;
}
if (emailAddress.length() > 0) {
emailAddress = emailAddress.toLowerCase();
configurationManager = ConfigurationManager.getInstance();
ApplicationServerInstance nsa = configurationManager.getApplicationServerInstance("nsa");
nsa.getServicePassword();
userName = getUserName(nsa.getServicePassword(), emailAddress);
}
} catch (Exception ex) {
log.error(ex);
}
return userName;
}
V/r,
Gene