I have another web app, that uses the liferay user database. But before a user can access this website he needs be authenticated first. How can I achieve this functionality, I've tried searching the WS api for authentication using email/password, but found none.
Also the user should still be able to login to the liferay portal. And the login should be like another liferay web service.
Any hints?
Hmm, since I have access to the database maybe 1 way is to hash the password given by the client? and validate against the values stored in the database.
Found out that PwdEncryptor class is the one responsible for encrypting the password, unfortunately it has too many dependencies with liferay that I'm unable to pull it out :-?
Thanks
It might not be the best approach but this solution might be what you're looking for. It will just require the company id, email and password of the user. In my case I have the default company id from liferay.
To authenticate an email/password, you can call other liferay webservice in my case: get-user-id-by-email-address. And then authenticate the user via HTTP Basic. When using jersey rest webservice to call the liferay web service you can code that like this:
String url += String.format("user/get-user-id-by-email-address?companyId=%s&emailAddress=%s",
properties.getProperty("default.company.id"), email);
ClientConfig config = new DefaultClientConfig();
Client client = Client.create(config);
client.addFilter(new HTTPBasicAuthFilter(email, password));
WebResource service = client.resource(url);
ClientResponse response = service.accept("application/json").post(ClientResponse.class);
if (response.getClientResponseStatus() == com.sun.jersey.api.client.ClientResponse.Status.OK) {
//valid user
} else {
//invalid user
}