We used cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. What For?

« Back to Blogs

Implement custom authentication in liferay

Liferay provides fine tuned authentication mechanism that has many third party integration also like LDAP,CAS.

There might be time when you want to implement your own custom authentication mechanism for authenticating users in Liferay. One of such scenario is to implement custom authentication when you want to authenticate user with other field instead of Liferay default password.

Consider following scenario for when such kind of implementation is needed:

Your mobile app has login functionality with social media platforms like Facebook, Google etc.  When users login with social media platforms in the app, the app doesn’t have access to the user’s Liferay password. Without having the password, it is not possible to access Liferay’s protected web services from the mobile app.


I would like to briefly describe the one of the possible solutions for this.

The mobile app have the access tokens received from social media platforms. You can authenticate users based on these access tokens rather than Liferay’s password. Of course, you need to consider all the use cases and possible overheads for this.


To implement this in the Liferay, we need to create a hook:

Liferay by default provide three ways to authenticate user.

    1. By email Address

    2. By Screen Name

    3. By user Id

You can find respected method in UserLocalServiceImpl like authenticateByEmailAddress() , authenticateByScreenName() , authenticateByUserId .


From the mobile side, set the access token as password and implement custom authentication to access protected web services.

To implement custom authentication.

  • Create a liferay wrapper hook for UserLocalServiceImpl.


In the hook, override appropriate authentication method of your type. If you are using email address as authentication override authenticateByEmailAddress method of UserLocalServiceImpl.

Here is the sample code :

public int authenticateByEmailAddress(long companyId, String emailAddress, String password,
        Map<String, String[]> headerMap, Map<String, String[]> parameterMap, Map<String, Object> resultsMap)
        throws PortalException, SystemException {

             int authResult = FAILURE;
           // implement custom authentication mechanism here.
             if(Authenticated) {
               authResult = SUCCESS;
            // Use liferay’s default authentication in other case
            authResult= super.authenticateByEmailAddress(companyId, emailAddress, password, headerMap, parameterMap, resultsMap);

	return authResult;

This method called every time when you hit liferay’s protected web services and in the other cases when user authentication is necessary. When your Custom_Authentication_Condition is met, request executes the custom logic you have implemented for authentication.

Please find attachment of sample hook here for the reference.

For more implementation details or support you may contact us at [email protected].

contact-us Request a callback WhatsApp