[sonar-dev] Login automatically

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

Hi,

I suppose that you forgot to implement the ruby on rails controller that authenticates the user by executing your custom Authenticator.
See https://github.com/SonarCommunity/sonar-openid/blob/master/src/main/resources/org/sonar/ror/openid/app/controllers/openid_controller.rb.

Regards

On 3 September 2012 13:17, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

Dear Simon,

Since I am new to ROR, I am trying to understand the mentioned ROR script i.e. 'openid_controlled.rb'

Can I use the same script as it looks generic as I didn't find any of the OpenID specific Java class in that script.

How to deploy the ROR script along with the plugin?

Also whether I need to make any configuration with respect to this ROR script so as to make it work.

Regards,
J Prasanna

On Mon, Sep 3, 2012 at 7:14 PM, Simon Brandhof <[hidden email]> wrote:

Hi,

I suppose that you forgot to implement the ruby on rails controller that authenticates the user by executing your custom Authenticator.
See https://github.com/SonarCommunity/sonar-openid/blob/master/src/main/resources/org/sonar/ror/openid/app/controllers/openid_controller.rb.

Regards

On 3 September 2012 13:17, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

The solution depends if you need to replace the standard mechanism (login form is disabled and only automatic login URL is available) or to make both mechanisms complementary. What's your use-case ?

On 4 September 2012 08:19, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Simon,

Since I am new to ROR, I am trying to understand the mentioned ROR script i.e. 'openid_controlled.rb'

Can I use the same script as it looks generic as I didn't find any of the OpenID specific Java class in that script.

How to deploy the ROR script along with the plugin?

Also whether I need to make any configuration with respect to this ROR script so as to make it work.

Regards,
J Prasanna

On Mon, Sep 3, 2012 at 7:14 PM, Simon Brandhof <[hidden email]> wrote:

Hi,

I suppose that you forgot to implement the ruby on rails controller that authenticates the user by executing your custom Authenticator.
See https://github.com/SonarCommunity/sonar-openid/blob/master/src/main/resources/org/sonar/ror/openid/app/controllers/openid_controller.rb.

Regards

On 3 September 2012 13:17, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

Dear Simon,

I need both i.e.

1. I should be able to login to Sonar through sonar login page where the authentication mechanism is mine (i.e. external authentication system)
2. I should be able to login to sonat through automatic login url.

Thanks & Regards,
J Prasanna

On Tue, Sep 4, 2012 at 1:19 PM, Simon Brandhof <[hidden email]> wrote:

The solution depends if you need to replace the standard mechanism (login form is disabled and only automatic login URL is available) or to make both mechanisms complementary. What's your use-case ?

On 4 September 2012 08:19, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Simon,

Since I am new to ROR, I am trying to understand the mentioned ROR script i.e. 'openid_controlled.rb'

Can I use the same script as it looks generic as I didn't find any of the OpenID specific Java class in that script.

How to deploy the ROR script along with the plugin?

Also whether I need to make any configuration with respect to this ROR script so as to make it work.

Regards,
J Prasanna

On Mon, Sep 3, 2012 at 7:14 PM, Simon Brandhof <[hidden email]> wrote:

Hi,

I suppose that you forgot to implement the ruby on rails controller that authenticates the user by executing your custom Authenticator.
See https://github.com/SonarCommunity/sonar-openid/blob/master/src/main/resources/org/sonar/ror/openid/app/controllers/openid_controller.rb.

Regards

On 3 September 2012 13:17, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

The SecurityRealm extension point, which declares an Authenticator and a UserProvider, is executed by default when the login form is submitted. It's self-reliant as long as the required input is provided by the form (login and password). That's for example the case for forwarding authentication to external LDAP servers (see the LDAP plugin).

When input is different (for example your token) or when workflow is more complex (openid), then servlet filters are used to override the standard login form and to authenticate users. The technical limitation is that this java authentication is not visible from the ruby on rails webapp. That's why generally the servlet filter forwards to a ruby controller that only verifies that the authentication has been correctly done then log the user in the webapp.

To be more precise for your use-case :

1. declare an URL dedicated to your custom authentication, for example http://localhost:9000/prasanna/authenticate. That means that the automatic login will be available via http://localhost:9000/prasanna/authenticate?username=foo&token=bar. This URL is managed by the ruby controller implemented in src/main/resources/org/sonar/ror/<your plugin>/app/controllers/prasanna_controller.rb
2. create a ServerFilter intercepting requests to /prasanna/authenticate
3. the filter verifies the token if the http parameters "token" and "username" are present then adds the object UserDetails to the request attributes (see OpenIdValidationFilter).
   
4. as you said, you can copy the content of the ruby controller. It executes your custom Authenticator extension
5. your Authenticator verifies the presence of UserDetails to log the user in the webapp. By design only a single security realm is accepted. For this reason the same Authenticator should delegate authentication to external system if the UserDetails is not available in the request.
   

I hope it helps
Simon

On 4 September 2012 11:19, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Simon,

I need both i.e.

1. I should be able to login to Sonar through sonar login page where the authentication mechanism is mine (i.e. external authentication system)
2. I should be able to login to sonat through automatic login url.

Thanks & Regards,
J Prasanna

On Tue, Sep 4, 2012 at 1:19 PM, Simon Brandhof <[hidden email]> wrote:

The solution depends if you need to replace the standard mechanism (login form is disabled and only automatic login URL is available) or to make both mechanisms complementary. What's your use-case ?

On 4 September 2012 08:19, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Simon,

Since I am new to ROR, I am trying to understand the mentioned ROR script i.e. 'openid_controlled.rb'

Can I use the same script as it looks generic as I didn't find any of the OpenID specific Java class in that script.

How to deploy the ROR script along with the plugin?

Also whether I need to make any configuration with respect to this ROR script so as to make it work.

Regards,
J Prasanna

On Mon, Sep 3, 2012 at 7:14 PM, Simon Brandhof <[hidden email]> wrote:

Hi,

I suppose that you forgot to implement the ruby on rails controller that authenticates the user by executing your custom Authenticator.
See https://github.com/SonarCommunity/sonar-openid/blob/master/src/main/resources/org/sonar/ror/openid/app/controllers/openid_controller.rb.

Regards

On 3 September 2012 13:17, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

I came up with a plugin similar to OpenID plugin. I had my own authentication mechanism.

When I tried to login through sonar login page, login happens perfectly. Here 'Authenticator' class and 'UserProvider' class are called.

But when I tried to do a SSO login using an url (which I have mentioned in my earlier mail), only the AuthenticationFilter class is called and 'Authenticator' class and 'UserProvider' class are never been called.

Am I missing any configurations here?

Thanks & Regards,
J Prasanna

On Fri, Aug 31, 2012 at 5:21 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Freddy,

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

I solved the above thing. I was using 3.0 version. That is the problem.

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Regards,
J Prasanna

On Fri, Aug 31, 2012 at 4:33 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Hi Freddy,

I went through the openid add-on.

My understanding is that they have implemented it through 3 classes.

OpenIdValidationFilter
OpenIdAuthenticator
OpenIdUserProvider

Right? Just to make sure that my understanding is correct.

Also I am not able to find ServletFilter class under 'org.sonar.api.web' package and where can I find 'Context ' class which is used in OpenIdAuthenticator class and OpenIdUserProvider class.

I have implemented Authenticator class by extending LoginPasswordAuthenticator class. This is FYI

Regards,
J Prasanna Venkatesan

On Thu, Aug 30, 2012 at 9:02 PM, Freddy Mallet <[hidden email]> wrote:

Hi Prasanna,

Your question is : "Does Sonar API allow to support SSO mechanisms ?". The answer is yes and the Sonar Open ID plugin is a good starting poing if you want to support your own SSO engine by developing a new Sonar plugin : http://docs.codehaus.org/display/SONAR/OpenID+Plugin. 

Kind regards,

Freddy

-----

twitter.com/FreddyMallet

Sonar for Continuous Inspection

On Thu, Aug 30, 2012 at 2:18 PM, JPrasanna Venkatesan <[hidden email]> wrote:

Dear Team,

I got a req.

Say I have an URL

'http://localhost:9000?username=admin&token=asd244dfw234ee' 

On clicking this URL, user should be able to log into the apps automatically without going to sonar login page.

Even if this is not possible, if we can get the values of 'username' and 'token' in the authenticator class -> authenticate() method, thats fine. I can do my own authentication.

Any suggestion??

Regards,
J Prasanna Venkatesan

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

--

Simon BRANDHOF | SonarSource
http://sonarsource.com

How do this URL is managed by ruby controller? whether we need to configure some thing? because when I access this url I am getting this error 'The page you were looking for doesn't exist.You may have mistyped the address or the page may have moved.Go back to the homepage'. I feel ruby controller is not called.

Also in src/main/resources/org/sonar/ror/<your plugin>/app/controllers/prasanna_controller.rb, how to know my plugin name so that I can replace <your plugin> in that path. Whether we should take from pom.xml. Also whether the name of the ruby controller under controllers folder can be anything.

create a ServerFilter intercepting requests to /prasanna/authenticate

Please explain this one. When you mean create a ServletFilter intercepting request means typing the url http://localhost:9000/abc/authenticate in browser?

Basically I am getting the error which I have mentioned above.

 

How do this URL is managed by ruby controller? whether we need to configure some thing? because when I access this url I am getting this error 'The page you were looking for doesn't exist.You may have mistyped the address or the page may have moved.Go back to the homepage'. I feel ruby controller is not called.

You have to follow naming conventions. See http://docs.codehaus.org/display/SONAR/Extend+Web+Application#ExtendWebApplication-Applications.
And don't forget to add the empty file init.rb.

Also in src/main/resources/org/sonar/ror/<your plugin>/app/controllers/prasanna_controller.rb, how to know my plugin name so that I can replace <your plugin> in that path. Whether we should take from pom.xml. Also whether the name of the ruby controller under controllers folder can be anything.

The plugin key is displayed during the maven build :

[INFO] -------------------------------------------------------

[INFO] Plugin definition in update center

[INFO]     Key: foo

[INFO]     Name: Foo

[INFO]     Description:

[INFO]     Version: 1.0-SNAPSHOT

 

create a ServerFilter intercepting requests to /prasanna/authenticate

Please explain this one. When you mean create a ServletFilter intercepting request means typing the url http://localhost:9000/abc/authenticate in browser?

As you said the method doGetPattern of your custom filter must return UrlPattern.create("/abc/authenticate");
 

Basically I am getting the error which I have mentioned above.

Exact, the Ruby app must be correctly configured before implementing the filter.

Hi,

Now I think the ruby part is invoked as I am getting the following error in the log file. What is this about? Please let me know.

2012.09.05 13:12:35 ERROR o.s.s.ui.JRubyFacade  Fail to render: http://10.2.4.74:9000/abcsonar/validate?username=admin&loginToken=CD979B59256CDC013446222146B12509
uninitialized constant AbcsonarController
    org/jruby/RubyModule.java:2526:in `const_missing'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activesupport/lib/active_support/dependencies.rb:92:in `const_missing'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activesupport/lib/active_support/inflector.rb:361:in `constantize'
    org/jruby/RubyArray.java:1602:in `each'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activesupport/lib/active_support/inflector.rb:360:in `constantize'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activesupport/lib/active_support/core_ext/string/inflections.rb:162:in `constantize'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:443:in `recognize'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/routing/route_set.rb:436:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/dispatcher.rb:87:in `dispatch'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/dispatcher.rb:121:in `_call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/dispatcher.rb:130:in `build_middleware_stack'
    org/jruby/RubyProc.java:268:in `call'
    org/jruby/RubyProc.java:228:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activerecord/lib/active_record/query_cache.rb:29:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activerecord/lib/active_record/query_cache.rb:9:in `cache'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activerecord/lib/active_record/query_cache.rb:28:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/string_coercion.rb:25:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/vendor/rack-1.2.1/rack/head.rb:9:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/vendor/rack-1.2.1/rack/methodoverride.rb:24:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/params_parser.rb:15:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/jruby/rack/session_store.rb:42:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/failsafe.rb:26:in `call'
    C:/sonar-3.2/war/sonar-server/WEB-INF/vendor/rails/actionpack/lib/action_controller/dispatcher.rb:106:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/rack/adapter/rails.rb:36:in `serve_rails'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/rack/adapter/rails.rb:41:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/jruby/rack/rails.rb:185:in `call'
    file:/C:/sonar-3.2/war/sonar-server/WEB-INF/lib/jruby-rack-1.0.0.1.jar!/rack/handler/servlet.rb:19:in `call'

Regards,
J Prasanna

On Wed, Sep 5, 2012 at 12:13 PM, Simon Brandhof <[hidden email]> wrote:

 

How do this URL is managed by ruby controller? whether we need to configure some thing? because when I access this url I am getting this error 'The page you were looking for doesn't exist.You may have mistyped the address or the page may have moved.Go back to the homepage'. I feel ruby controller is not called.

You have to follow naming conventions. See http://docs.codehaus.org/display/SONAR/Extend+Web+Application#ExtendWebApplication-Applications.
And don't forget to add the empty file init.rb.

Also in src/main/resources/org/sonar/ror/<your plugin>/app/controllers/prasanna_controller.rb, how to know my plugin name so that I can replace <your plugin> in that path. Whether we should take from pom.xml. Also whether the name of the ruby controller under controllers folder can be anything.

The plugin key is displayed during the maven build :

[INFO] -------------------------------------------------------

[INFO] Plugin definition in update center

[INFO]     Key: foo

[INFO]     Name: Foo

[INFO]     Description:

[INFO]     Version: 1.0-SNAPSHOT

 

create a ServerFilter intercepting requests to /prasanna/authenticate

Please explain this one. When you mean create a ServletFilter intercepting request means typing the url http://localhost:9000/abc/authenticate in browser?

As you said the method doGetPattern of your custom filter must return UrlPattern.create("/abc/authenticate");
 

Basically I am getting the error which I have mentioned above.

Exact, the Ruby app must be correctly configured before implementing the filter.