1

I need to set a session in Authenticator class (key=auth.pipeline.pre) in Liferay. In this Authenticator class, I need to check credentials via another web service and set some attributes in session which should be shared with every other portlet.

I know this topic: Liferay 7 Shared Session Attributes

Problem is that I can't retrieve request (portletRequest as well) in Authenticator class.

I try the solution with PortalSessionThreadLocal like this:

String sharedKey = "LIFERAY_SHARED_" + key;
HttpSession session = PortalSessionThreadLocal.getHttpSession();
session.setAttribute(sharedKey, bean);

but I cant retrieve this session attribute in another portlet like this way:

key = "LIFERAY_SHARED_" + key;
HttpSession session = PortalSessionThreadLocal.getHttpSession();
Object bean = session.getAttribute(key);

Can you recommend me some sort of solution?

Miroslav Novák
  • 37
  • 6

2 Answers2

1

It seems to me you have two issues to look for in your case, one is the scope as suggested in the post you linked.

And the second one is the fact that session attributes do not normally survive the authentication pipeline if you have phishing protection enabled.

Only whitelisted attributes survive, and those should be configured on your portal-ext.properties.

Victor
  • 3,520
  • 3
  • 38
  • 58
0

We had a similar use case. We used expandos/custom fields for persisting user information that retrieved with external web service calls during user authentication either in a custom auto login filter for SSO or a custom login portlet.

The expandos once stored can be retrieved via api calls in custom modules.

Example API call to save the expando:

user.getExpandoBridge().setAttribute("example", "value", false);

For more details you can look at this post: Expandos

VC1
  • 1,660
  • 4
  • 25
  • 42