On 31/01/2024 00:15, Ryan Esch wrote:
From what I understand, the container knows if a user is authenticated by using the session id passed to it and then looking up the user principal. If this is non-null, the user is authenticated. I am using web.xml with security constraints and UsersRoleLoginModule defined in jaas.conf which is working fine. I want to add an additional method of login. How do I set the principal on the session in my custom login module?
Is this a JAAS login module or something else?
I have tried a number of things, including: HttpSession session = request.getSession(); // Retrieve or create the Subject Subject subject = (Subject) session.getAttribute("javax.security.auth.subject"); if (subject == null) { subject = new Subject(); session.setAttribute("javax.security.auth.subject", subject); } subject.getPrincipals().size()); Principal customPrincipal = new CustomPrincipal("Random Username"); subject.getPrincipals().add(customPrincipal);All my calls to request.getUserPrincipal() are null so of course my custom login fails.Alternatively/additionally, can I configure the container to also check for an access token for authentication? Thank you for any input or advice. I'd be happy to share additional details.Ryan
Take a look at AuthenticatorBase.register() Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org