[JBoss-user] [Security & JAAS/JBoss] - Re: JAAS Login/Logout Notification

2006-01-17 Thread MrForms
Just some random suggestions ... If you are using a web application, how about using a simple Session listener and checking for sessionCreated, sessionDestroyed? Doesn't your application offer an explicit login/logout mechanism? I am not aware that JAAS offers any listener/callback support for

[JBoss-user] [Security & JAAS/JBoss] - Re: Jboss 4.0.3 SP1 j_security work in fedoracore 3 but not

2006-01-17 Thread MrForms
Can you give more details? What is the output? Blank page? Nothing? If you change the log settings to debug / trace do you get more information? Have you looked at every log? JBoss boot.log and server.log? In the logs of Ubuntu, are there any reported errors? Did you configure your MySQ

[JBoss-user] [Security & JAAS/JBoss] - Re: anonymous authentication

2006-01-17 Thread MrForms
I think that in your jboss-web.xml or jboss.xml files, you can specify the default principal to be used when not authenticated using the xml tag. When you call the getUserPrincipal, the getName method should in theory return whatever value is in your unauthenticated-principal tag. Look into t

[JBoss-user] [Security & JAAS/JBoss] - Re: Custom JAAS-Login with Servlet-Filter and Struts-App. fo

2006-01-17 Thread MrForms
I would recommend that you use standard FORM authentication with j_security_check. If you add your struts action in the protected resources, your authentication page will be displayed. Make sure you have added both ClientLoginModule and your own LoginModule in the application policy under the

[JBoss-user] [Security & JAAS/JBoss] - Re: TerribleException on SecurityAssociationValve

2006-01-15 Thread MrForms
Did you define anything custom? A custom realm for example? This error usually arrives in the SecurityAssociationValve when it tries to cast the principal object that comes from the session in a JBossGenericPrincipal object. Look at the source code for the SecurityAssociationValve invoke me

[JBoss-user] [Security & JAAS/JBoss] - Re: Overwrite j_security_check redirect

2006-01-15 Thread MrForms
I ran into that problem myself a while ago. I was looking for a good way to do this. I came up with a not so pretty solution before we decided to use struts. What I did is I implemented an HttpSessionListener and on the sessionCreated event, I would use the requestDispatcher through the sessio

[JBoss-user] [Beginners Corner] - JAAS Login Module and User Principal best practices

2005-12-19 Thread MrForms
Hi All, I just got into a new company. They have developed their own Authentication provider as a JAAS Login Module which is ok. They authenticate through different means. When they are done authenticating the user through the login method of the LoginModule, they populate the Subject with