6 Replies Latest reply on Dec 5, 2002 2:18 PM by dmaclaren

Logging into JAAS from within a servlet

gwoodward Nov 6, 2002 1:42 PM

Hi:

We have form based authentication working with JAAS with the database login module (JBoss 3.0.3 with Tomcat 4.1.12; JDK 1.4.1 on Linux; PostgreSQL for the database). I also have a stand-alone external EJB client which can successfully log into the security realm and invoke methods on our EJB's.

However, I currently need to explicitly log into the system from within a GenericServlet (not HttpServlet). I am attempting to log in exactly like I do from within the stand-alone client application, and it seems to log in fine (I can step through the JBoss code in the debugger and see that the password is being compared successfully against the one stored in the database). However, when I go to invoke my first EJB methods, I get a security exception and it says my principal is null.

How does one explicitly log into the system from within a servlet? It seems that the fact that we've successfully logged into the system needs to be "stashed" somewhere prior to obtaining the EJB home interfaces. Thanks.

-- Greg

1. Re: Logging into JAAS from within a servlet

deep Nov 22, 2002 12:52 PM (in response to gwoodward)

I am running 3.04 & 4.1.12 an am wondering?

Did you eventually solve this problem because I am suffering here...

I think it has something to do with auth.conf
However I don't no if I have to add auth.conf to catalina explicitly!
I know how to do it from a client program by adding auth.conf as a -d argument but I cannot find any documentation to help me further along.
Actions
2. Re: Logging into JAAS from within a servlet

jwkaltz Nov 25, 2002 4:14 AM (in response to gwoodward)

In JBoss 2.4.X you need to run the JAAS module org.jboss.security.ClientLoginModule in order to bind the username & password to the JBoss invocation layer. Otherwise the server won't know who is calling it. So yes you would need the auth.conf (or equivalent) in your servlet container's path.

Not sure what the deal in 3.0 is, but probably similar ?
Actions
3. Re: Logging into JAAS from within a servlet

deep Nov 25, 2002 10:58 AM (in response to gwoodward)

I thought I show catalina's startup change between Jboss 2.X catalina and 3. In 2.x catalina is started from it's startup script. This has changes in 3 which allows catalina to be configured in tomcat41-service.xml.

How to place auth.conf there.....??? No idea ....yet.
Actions
4. Re: Logging into JAAS from within a servlet

jmoring Nov 25, 2002 11:14 AM (in response to gwoodward)

There is a shortcut to this process. It is JBoss specific and potentially version specific. You can do what the client login module does without the overhead of the JAAS configuration. Look at the source for the ClientLoginModule. I use this approach on the client-side of EJB calls without any problems. I only set the principal and the credentials and not the subject.

Use at your own risk!!!!

HTH
Actions
5. Re: Logging into JAAS from within a servlet

deep Nov 25, 2002 12:18 PM (in response to gwoodward)

I am going to check the source out to see what is going on there, but I will keep looking for the legal way to make auth.conf known to catalina webapps.

BTW should not there be a dtd with tomcat41-server.xml??
Actions
6. Re: Logging into JAAS from within a servlet

dmaclaren Dec 5, 2002 2:18 PM (in response to gwoodward)

now I was working on an Iplanet application where we on registrering at the site we woould add the user and role to LDAP. Afther that we would get a handle into IPLANET's application and force what the form based auth does on a login. this way the user would not be prompted for the id/pass after they register.

There should be a way into JBOSS wither direstly or through JAAS to pass the Registration information(id/pass) for a later callback when the system need the information.

Has anyone done this? Do you understand my question on forcing the login throough code
Actions

Go to original post