Hi,

I am running JBOSS 4.05GA and using FORM based authentication. Everything in my 
webapp, including the security/authentication, is working fine. However, a new 
requirement has emerged which means that a Windows application which opens up a 
browser and requests a page within my webapp must be able to log in. I have 
set up a JSP for testing (not a protected resource) that accepts a username and 
password, attempts a programmatic login and then redirects to the user's 
homepage within the webapp.

Here is how I have been trying to get this to work.


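  | <%@ page import="javax.security.auth.login.LoginContext,org.jboss.security.auth.callback.UsernamePasswordHandler" %>
  | <%
  |     UsernamePasswordHandler handler = new UsernamePasswordHandler("userxxx","passwordxxx");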
  |     LoginContext lc = null;
  |     
  |     try 
  |     { 
  |         lc = new LoginContext("MySecurityRealm", handler); 
  |         lc.login();
  |         log.info("We're cookin on gas!");
  | 
  |         // Everything from here on should automatically be associated with 
  |         // the Subject authenticated by the login 
  |         
  |     } catch (Exception e) { 
  |         // handle exception
  |         log.error(e.getMessage());
  |     } 
  | 
  | %>
  | <c:redirect url="/homePage.do"/>
  | 

I have a custom written login module within "MySecurityRealm" which inherits 
from DatabaseServerLoginModule and performs my webapp logins. I included debug 
inside the class to see what was happening and the call by lc.login() in the 
code above correctly calls and executes a user login within my realm (defined 
in my login-config.xml) and returns without error. I can see in the server logs 
the database queries to authenticate the user and get their roles etc. and that 
these all seem fine, however, I think I must be missing some code as I'm 
guessing that perhaps the login credentials are not being populated somewhere 
where they are required as the redirect to homePage.do simply sends me straight 
back to the normal "FORM based" login of my webapp.

Can anyone help me out or point me in the direction of what is missing or 
perhaps suggest an alternative? I've heard that the Jakarta Commons HttpClient 
API provides methods for performing a programmatic login... Should I be using 
this instead?

Any help is greatly appreciated.
Kind Regards,
Paul.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990437#3990437
