[JBoss-user] [Security JAAS/JBoss] - Re: New LoginContext for each request...
HI All, Thanks scott, i used a filter to do this but i am not sure how to do it with a tomcat valve any way the filter looks like this | public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) | throws IOException, ServletException | try | { | WorkServerWebEJBServiceLocator.getInstance().performLogin(); | chain.doFilter(request, response); | } | catch (ServiceLocatorException aException) | { | cCat.error(WorkServerWebEJBServiceLocator Login error.); | cCat.debug(WorkServerWebEJBServiceLocator Login error., aException); | } | finally | { | try | { | WorkServerWebEJBServiceLocator.getInstance().performLogout(); | } | catch (ServiceLocatorException aException) | { | cCat.error(WorkServerWebEJBServiceLocator Logout error.); | cCat.debug(WorkServerWebEJBServiceLocator Logout error., aException); | } | } | | | I configured this filter for all URLs like using /* mapping . the performlogin and logout methods does the following | try | { | UsernamePasswordHandler tHandler = new UsernamePasswordHandler(iUserName, | iPassword.toCharArray()); | iLoginContext = new LoginContext(client-login, tHandler); | iLoginContext.login(); | cCat.info(Login With : + iUserName + : + iPassword); | } | catch (LoginException aException) | { | cCat.error(Could not login for the LoginContext.); | } | | i hope this will help regards jani View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3834020#3834020 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834020 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: New LoginContext for each request...
That is the expected behavior in 3.2.3. 3.2.1 could leak credentials back to the request thread pool and allow unauthenticated users to access secured content using someone else's credentials. Will this continue to be the same sort of behavior with 3.2.4? Thanks.. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3834075#3834075 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834075 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: New LoginContext for each request...
Thanks to Jani for the code. Of course, Tomcat valve would be also helpful. Looking forward to an answer to nivek's query !! Vijay View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3834122#3834122 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3834122 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: New LoginContext for each request...
I agree with Jani. And, also appreciate the response from scott. But could you please explain little bit more when you say, Use a servlet filter or tomcat valve then, or point me to some more details on this. Thanks Vijay View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3833944#3833944 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3833944 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: New LoginContext for each request...
Use a servlet filter or tomcat valve then. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3833794#3833794 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3833794 --- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user