T
Tom Oosterwijk
Guest
2 Months ago I asked a question about using external user management . It took some time due to holidays and changing priorities, but about 80% of the work is done. The problem I am currently facing is that because my authentication can now happen via a an OAuth2-flow, the BMUserBean on the session does not have the user's password (nor will oebpm ever be able to know the password). But when I try to add groups as an admin, or try to adjust my own start page as a user, I need to enter my password. This is validated (I believe) in the AjaxUtilController with an action value of updateUser of updateUserProfile. Here the password given is first validated, I believe versus the password that was set in the BMUserBean. I have set some random password here in my authenticationFilter, since it can't be empty, but of course the user does not know about this password. Is there a way to update user information like groups or start page without the user providing a password, using the existing profile/administration screens and AjaxUtilController? FYI: most of my realm and user functionality just extend the JDBC ones, only the password is ignored. I'm not even using a custom Group class.
Continue reading...
Continue reading...