[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic or hidden login without presenting login-form?

Wed, 16 Nov 2005 01:20:05 -0800 

Hello. I'm not sure if this will be picked up by everyone interested, but as I 
had trouble with this issue I thought I would post my solution. If somebody 
wants to add it to a wiki fine.
My issue was that I had external (in Apache) authentication but needed a JAAS 
sign-on and authorisation. AJP13 was setting the RemoteUser via a cookie. I 
used a version of the DatabaseServerLoginModule for authorisation based on the 
RemoteUser.

To trigger the Signon - I needed first to code the following simple Servlet:

/**
 * 
 * Simple Servlet to trigger JAAS Login - passing the RemoteUser as username.
 * 
 * @author Jim Brady
 */
public class LoginServlet extends HttpServlet {

  public void init() throws ServletException {
  }

  public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
    doPost(request,response);
  }

  public void doPost(HttpServletRequest request, HttpServletResponse response) {
    // retrieve form parameter values from request
    Log log = LogFactory.getLog(this.getClass());

    try {
      log.info("User = " + request.getRemoteUser());
      response.sendRedirect("j_security_check?j_username="
        + request.getRemoteUser() + "&j_password=");
    } catch (Exception e) {
      log.warn("Whoah", e);
    }
  }
}

This was integrated via the following items in web.xml. 

<servlet-mapping>
<servlet-name>LoginServlet</servlet-name>
<url-pattern>*.login</url-pattern>
</servlet-mapping>


<servlet-name>LoginServlet</servlet-name>
<servlet-class>appl.web.login.LoginServlet</servlet-class>


<login-config>
<auth-method>FORM</auth-method>
<realm-name>APACHE</realm-name>
<form-login-config>
<form-login-page>/login/apache.login</form-login-page>
<form-error-page>/login/loginError.htm</form-error-page>
</form-login-config> 
</login-config>

It took a long while to work out how to do this, so I hope it helps some other 
people out there! 

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3907352#3907352

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3907352


-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to