...

You can use this framework to implement your own login logic.

Login Procedure

To show you how login works in Magnolia, we have used a The following (simplified login) procedure . Assume assumes you have two JAAS modules configured (red and green).
Image Removed
 
If you login to Magnolia by filling out the login form:
Image Added

•   When a user logs in to Magnolia CMS, all configured JAAS modules try to authenticate the user by calling the login() method. 
  
  
• The method

...

• throws

...

• an {{LoginException }} if the login fails authentication. Since

  Javadoc
  info.magnolia.jaas.sp.AbstractLoginModule info.magnolia.jaas.sp.AbstractLoginModule

    provides the {{login()}}method, a JAAS module only has to implement a validateUser() method

...

• .
  
  
• When the user

...

• successfully authenticated, the commit() method of all JAAS modules

...

• is called.

login()

...

The login() authentication method of

Javadoc
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule info.magnolia.jaas.sp.jcr.JCRAuthenticationModule

is mandatory. This method verifies that the user entered is vaild , and enabled and checks that the password entered matches the password stored for that user.

This first module is mandatory. The second module's login authorization method is only called if the user has been properly verified. Therefore the login() authorization method ofof 

Javadoc
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule info.magnolia.jaas.sp.jcr.JCRAuthorizationModule

can be implemented empty.

...

Javadoc
info.magnolia.cms.security.User info.magnolia.cms.security.User

.

JAAS Module

The simplest way to accomplish our example and support both an external user information storage system as well as the Magnolia repository is to create a JAAS module extending

...