-
1. Re: three parameter login with JAAS
starksm64 Sep 17, 2001 6:08 PM (in response to pitdingo)One simple solution is to simply concatenate the password and SSN and have a custom login module validate the combined password by validating the pieces.
-
2. Re: three parameter login with JAAS
pitdingo Sep 18, 2001 7:42 AM (in response to pitdingo)have a hidden j_password field and have javascript combine the two? possibly...
but what if i had a drop down on the login page where the user could choose the system they were logging into....i need access to the HttpServletRequest Object to be really flexible and to invoke the login method on the LoginContext manually from a Servlet. I tried that and although it says I am authenticated, jboss challenges me when i try to access a protected resource. That would give me full control over the Authentication process.
The current model of authentication is not flexible enough. Can anyone come up with an example of why one should not be allowed to manually authenticate via the login method from a Servlet? Wouldn't that be the same as a client app invoking a login? It seems to me it should be. -
3. Re: three parameter login with JAAS
starksm64 Sep 18, 2001 11:36 AM (in response to pitdingo)Nothing prevents you from doing a JAAS login from within your servlet code. See org.jboss.test.web.servlets.ClientLoginServlet for an example.
-
4. Re: three parameter login with JAAS
pitdingo Sep 19, 2001 10:43 AM (in response to pitdingo)i tried a variation of that and it does not work.
I have a login form call a LoginServlet that does the login process. I see the "[Default] User 'java' authenticated." come up in the command window and do a sendRedirect( "index.html" ) which i have secured in my web.xml file. I then get prompt to login again!
If I change the login form to not use my LoginServlet and submit to 'j_security_check', it works. Same LoginModule mind you.
So why doesn't the server recognize that I have been authenticated? -
5. Re: three parameter login with JAAS
pitdingo Sep 20, 2001 4:12 PM (in response to pitdingo)any ideas?