actframework / act-aaa-plugin

Use OSGL aaa library to manage Authentication/Authorization/Accounting for ActFramework Application
Apache License 2.0

act-aaa support login with userId #30

Closed leeaee closed 4 years ago

leeaee commented 5 years ago

Now, act-aaa uses 'username' as the login name for authentication. But our system needs to support multiple login types such as 'phone' and 'email', and allows the user to change the phone or email. We use userId as the foreign key in other object tables, not the username. In this scenario, act-aaa cannot support the requirement.

Code example:

In the database, we defined 'user_id' as the foreign key of the user address table.

CREATE TABLE IF NOT EXISTS `lx`.`user` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `email` VARCHAR(63) NOT NULL,
  `phone` VARCHAR(31) NULL,
  ...
  PRIMARY KEY (`id`)  COMMENT '',
  UNIQUE INDEX `open_id_UNIQUE` (`email` ASC)  COMMENT '',
  UNIQUE INDEX `phone_UNIQUE` (`phone` ASC)  COMMENT '')
ENGINE = InnoDB;

CREATE TABLE IF NOT EXISTS `lx`.`user_address` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `user_id` BIGINT NOT NULL,
  `province` VARCHAR(31) NOT NULL,
  ...
  PRIMARY KEY (`id`),
  UNIQUE INDEX `id_UNIQUE` (`id` ASC) COMMENT '')
ENGINE = InnoDB;

And in our logic, we also use 'userId' as the linked value for userAddress:

public class User implements SimpleBean, UserLinked {

    public Long id;
    public String email;
    public String phone;
    ...

    @Override
    public Long linkedUser() {
        return this.id;
    }
}

public class UserAddress implements SimpleBean, UserLinked {

    public Long id;
    @Column(name = "user_id", unique = true, nullable = false, updatable = false)
    public Long userId;
    public String province;
    ...

    @Override
    public Long linkedUser() {
        return this.userId;
    }
}

Could act-aaa add userId support for login and authentication?

greenlaw110 commented 5 years ago

Fixed.

In order to support id, the application needs to set the act configuration:

aaa.user.key=id

Another place the app needs to change: it must pass userId instead of username when logging in a user. Say the previous code is:

@PostAction("login")
public void login(String username, char[] password, ActionContext ctx, User.Dao userDao) {
    notFoundIfNot(userDao.authenticate(username, password));
    User user = userDao.findByUsername(username);
    ctx.login(user.email);
}

The new code needs to be:

@PostAction("login")
public void login(String username, char[] password, ActionContext ctx, User.Dao userDao) {
    notFoundIfNot(userDao.authenticate(username, password));
    User user = userDao.findByUsername(username);
    ctx.login(user.id);
}

The final part the app needs to follow is that the User entity class must have either a getter/setter for id or a field named id.
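
An added example, not taken from this thread or from act-aaa's code: a framework-free Java sketch of the login flow requested above, where an email or a phone number resolves to the immutable id and only that id serves as the session principal (the value the comment above passes to ctx.login). The class, the method names and the sample data are hypothetical.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added illustration: all names are hypothetical, none of this is act-aaa API.
public class StableKeyLogin {
    static class User { long id; String email; String phone; byte[] salt; byte[] hash; }
    private static final byte[] DUMMY_SALT = new byte[16];
    final Map<Long, User> usersById = new HashMap<>();

    static byte[] kdf(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    void register(long id, String email, String phone, char[] password) throws Exception {
        User u = new User();
        u.id = id; u.email = email; u.phone = phone;
        u.salt = new byte[16];
        new SecureRandom().nextBytes(u.salt);
        u.hash = kdf(password, u.salt);
        usersById.put(id, u);
    }

    // Accepts an email or a phone number; returns the immutable id (the value to
    // hand to the session layer) or null when authentication fails.
    Long login(String identifier, char[] password) throws Exception {
        User match = null;
        for (User u : usersById.values()) {
            // phone is nullable in the schema, so compare from the non-null side only
            if (identifier != null && (identifier.equals(u.email) || identifier.equals(u.phone))) match = u;
        }
        // Run the KDF even for unknown identifiers so both paths cost about the same.
        byte[] candidate = kdf(password, match == null ? DUMMY_SALT : match.salt);
        return match != null && MessageDigest.isEqual(match.hash, candidate) ? match.id : null;
    }

    public static void main(String[] args) throws Exception {
        StableKeyLogin app = new StableKeyLogin();
        app.register(1L, "old@example.test", "5550100", "constructed-pw".toCharArray()); // constructed sample data
        Long principal = app.login("5550100", "constructed-pw".toCharArray());
        app.usersById.get(principal).email = "new@example.test"; // user changes email mid-session
        System.out.println("principal still resolves: " + app.usersById.containsKey(principal));
        System.out.println("same id via new email: " + principal.equals(app.login("new@example.test", "constructed-pw".toCharArray())));
        System.out.println("old email rejected: " + (app.login("old@example.test", "constructed-pw".toCharArray()) == null));
    }
}
```

Because the principal is the id, changing the email or phone neither invalidates the session nor breaks rows that reference user_id.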