Thanks for this hint,
this seems to be the right way, i will try it soon.
Daniel
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3953624#3953624
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3953624
Using Tomcat but need to
Hello Sonja and cgriffith,
thanks for your replies.
yes - its a strange way to do a programmatic login but
i didn't found another way...
Authenticating via creating a LoginContext is the right way (and i tried it)
but I need to propagate the principal through request.getPrincipal(). I need
this
You need to hit a secured resource and allow the container to forward you to
the login page. You cannot try to do the j_security thing yourself, unless
there has been a redirect.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3953447#3953447
Reply to the post
Hey anil,
i will try to call the j_security thing after the server send
me a redirect. maybe this will try my problems with my
strange
url = http://localhost:8080/portal/j_security_check?jsessionid=; +
sessionId() + :-1j_username= + getLoginName() + j_password= +
getPassword();
solution..
Yes, you could create your own custom Authenticator for Tomcat. See:
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExternalizeTomcatAuthenticators
http://jira.jboss.com/jira/browse/JBAS-2899
Specifically you might want to look at the the AuthenticatorBase.invoke()
method.
Josh
View the original
Sonja,
You are confusing container managed authentication with application managed
authentication. The j_security_check resource is defined by the Java Servlet
spec. as a resource that must be made available to applications to provide
conainer managed (form-based) authentication. It can not
Thank you for replying, cgriffith!
Do you say that tomcat authentication (I know it quite well, just starting to
switch to ejb) is the only way for jboss to remember Principal and Roles to do
further security checks (as @RolesAllowed and things like myfaces
visibleOnUserRole - ok, that's
. and
d) There is no FacesContext and no SeamContext in a Servlet Filter
e) same problem in a custom LoginModule (that was my first idea...)
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3953335#3953335
Reply to the post :
I try doing similar things and I'm stuck, too ;-(
In a way I'd like to replace j_security_check - Unfortunately I can't find the
source code of that servlet ...
This is my first trial:
A backing bean creates a LoginContext and uses the security-domain I specified
in login-config.xml (with
Daniel,
This is certainly a strange way to do container managed authentication.
Several things come to mind that may prevent you from doing this. First, I
think the j_security_check request must use POST method. Second, I suspect
that your jsessionid would need to be a valid session id.
10 matches
Mail list logo
