Get user credentials of the user who logs into liferay portal

I want to ge开发者_开发知识库t the userid and password of the user who logs into the liferay portlet.I am able to get the userid who has logged into the portal by using

String userName = (userInfo != null) ? (String)userInfo.get("**user.name.given**")

Now I need to get the password too. How can I do that?

I am doing this beacause I need to login to two iframes (different websites), with the same userid and password(which was entered to log into the portal).

---

Setting session.store.password is somewhat dangerous because passwords will be stored in RAM in clear text and will appear in memory dumps etc.

Normally Liferay doesn't store clear-text password (i.e. exact password text) but only keeps hash of a password. When user tries to log in, hash is calculated, and then only hash is stored or check against stored ones. (You can configure Liferay to store clear-text passwords, but you shouldn't do it as this isn't very secure).

In liferay 6.1 you can hook into authentication process and get hold on a clear text password before the hashing - create a hook for auth.pipeline.post. This is described in full at Liferay WIKI: http://www.liferay.com/documentation/liferay-portal/6.1/user-guide/-/ai/authentication-pipeline

In short, you add your own authenticator that does nothing and just returns Authenticator.SUCCESS all the time, but before returning it can do something with the clear text password provided.

---

Its solved !!!

We can get username and password as follows,

String username = themeDisplay.getUser().getScreenName();
String password = (String)request.getSession().getAttribute(WebKeys.USER_PASSWORD);

and in portal-ext.properties, set

session.store.password=true
session.shared.attributes.excludes=