On 01/02/2024 17:48, Ryanesch@yahoo wrote:
On Feb 1, 2024, at 10:34 AM, Mark Thomas <ma...@apache.org> wrote:
On 31/01/2024 00:15, Ryan Esch wrote:
From what I understand, the container knows if a user is authenticated by
using the session id passed to it and then looking up the user principal. If
this is non-null, the user is authenticated. I am using web.xml with security
constraints and UsersRoleLoginModule defined in jaas.conf which is working
fine. I want to add an additional method of login.
How do I set the principal on the session in my custom login module?
Is this a JAAS login module or something else?
I have tried a number of things, including:
HttpSession session = request.getSession();
// Retrieve or create the Subject
Subject subject = (Subject) session.getAttribute("javax.security.auth.subject");
if (subject == null) {
subject = new Subject();
session.setAttribute("javax.security.auth.subject", subject);
}
subject.getPrincipals().size());
Principal customPrincipal = new CustomPrincipal("Random Username");
subject.getPrincipals().add(customPrincipal);All my calls to
request.getUserPrincipal() are null so of course my custom login
fails.Alternatively/additionally, can I configure the container to also check
for an access token for authentication?
Thank you for any input or advice. I'd be happy to share additional details.Ryan
Take a look at AuthenticatorBase.register()
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Yes, this is jaas. I’ve realized that if I use jboss’ SimplePrincipal to create
my principal, the user principal is finally set on the subject. However, when I
use a custom principal, it is not set on the subject correctly. Even if I copy
SimplePrincipal exactly or extend it. Note that “correctly” means that I get
something returned from request.getUserPrincipal. There must be something
behind the scenes that checks for exactly SimplePrincipal?
https://tomcat.apache.org/tomcat-11.0-doc/config/realm.html#JAAS_Realm_-_org.apache.catalina.realm.JAASRealm
Search for userClassNames. You may also need roleClassNames.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org