[JBoss-user] [Security JAAS/JBoss] - Re: why multiple authentication !

2004-12-06 Thread hatoug 
BUT When I use the basic authentication in web.xml,
auth-methodBASIC/auth-method
realm-nameGedOnLine Securit/realm-name
it works fine.

so why cannot it also work with a FORM authentication ?



View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3857502#3857502

Reply to the post : 
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3857502


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] [Security JAAS/JBoss] - Re: why multiple authentication !

2004-12-06 Thread [EMAIL PROTECTED] 
Because form auth requires tight integration with the web container security 
internals. Basic auth passes in the username and password as part of the http 
request and we integration with the http url authentication mechanism.

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3857561#3857561

Reply to the post : 
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3857561


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] [Security JAAS/JBoss] - Re: why multiple authentication !

2004-12-03 Thread hatoug 
CODE SNIPPET OF THE SERVLET AUTHENTICATION
protected void forward (HttpServletRequest request, HttpServletResponse 
response) 
throws ServletException, IOException 
{ 
System.out.println(appel de accesPWS.forward()); 
String useraction = request.getParameter(useraction); 
String buildUrl = null; 
if (useraction!=null  useraction.equals(close)) 
{ 
HttpSession session = request.getSession(false); 
try { 
System.out.println(Appel de close); 
gedAccess.remove(); 
deleteDirectory((String)session.getAttribute(repUsr)); 
session.invalidate(); 
}catch (Exception e) { 
e.printStackTrace(); 
} 
} 
else 
{ 
if (useraction!=null  useraction.equals(form)) 
{ 
String username = request.getParameter(j_username); 
String password = request.getParameter(j_password); 
try 
{ 
SecurityAssociationHandler handler = new SecurityAssociationHandler(); 
SimplePrincipal user = new SimplePrincipal(username); 
handler.setSecurityInfo(user, password.toCharArray()); 
LoginContext loginContext = new LoginContext(pws, (CallbackHandler)handler); 
loginContext.login(); 
System.out.println(username+ - OK); 
Subject subject = loginContext.getSubject(); 
Set principals = subject.getPrincipals(); 
principals.add(user); 
}catch(LoginException e) 
{ 
System.out.println(Erreur de login); 
buildUrl = error.jsp; 
e.printStackTrace(); 
} 
} 
// CONNEXION OK ** 
if (buildUrl==null) 
{ 
HttpSession session = request.getSession(true); 
System.out.println(session.getId()); 
File rep = new File(c:\\Temp\\+session.getId()+\\); 
buildUrl = /jsp/ged.jsp; 
try { 
if (rep.mkdir()) 
session.setAttribute(repUsr,c:Temp+session.getId()+); 
else 
System.out.println(Echec dans la creation du repertoire de travail); 
String usr = 2; 
session.setAttribute(usr,usr); 
session.setAttribute(username,request.getParameter(username)); 
initGedAccess(); 
try { 
gedAccess = gedAccessHome.create(); 
} catch (RemoteException e1) { 
e1.printStackTrace(); 
} catch (CreateException e2) { 
e2.printStackTrace(); 
} 
session.setAttribute(gedAccess,gedAccess); 
session.setAttribute(application,p_applicationMetier); 
Hashtable tokens = gedAccess.getTokens(usr); 
session.setAttribute(tokens,tokens); 
System.out.println(buildUrl=+buildUrl); 
RequestDispatcher rd = getServletContext().getRequestDispatcher(buildUrl); 
rd.forward(request,response); 
} catch (Exception e) { 
e.printStackTrace(); 
} 
} 
// FIN DE CONNEXION OK  
} // fin du else si fin ou debut de session 




}

View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3857340#3857340

Reply to the post : 
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3857340


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] [Security JAAS/JBoss] - Re: why multiple authentication !

2004-12-03 Thread [EMAIL PROTECTED] 
The JAAS login does not change the security association at the web container 
level such that forwarded request are done with that security context. The JAAS 
login affects calls to other secured resources like jms, ejbs, and jca. I have 
created a feature request to see if this is something we can provide support 
for in the future:
http://jira.jboss.com/jira/browse/JBWEB-3


View the original post : 
http://www.jboss.org/index.html?module=bbop=viewtopicp=3857383#3857383

Reply to the post : 
http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3857383


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user