4 Replies Latest reply on Apr 15, 2003 5:02 AM by didi1976

    How JBoss passes j_username to custom login module?

    haujye Apr 11, 2003 2:12 AM

      Dear all,

      I have written a custom login module subclassing AbstractServerLoginModule, and changed the login-config.xml to include that.

      On the web app side, I am using FORM authentication. I have changed the jboss-web.xml to point the security-domain to the one I specified in login-config.xml.

      I can see that my custom login module gets invoked, but I am not sure how to access j_username and j_password from my login.html?

      Do I have to set any other config?

      Thanks a lot.

      • 1778 Views
      • Tags:
        • 1. Re: How JBoss passes j_username to custom login module?
          haujye Apr 11, 2003 2:14 AM (in response to haujye)

          I forgot to mention I am using the JBoss 3.0.6 with Tomcat 4.1.18 bundle.

            • Actions
          • 2. Re: How JBoss passes j_username to custom login module?
            petertje Apr 11, 2003 9:32 AM (in response to haujye)

            What do you mean "not sure to access j_username and j_password from my login.html"?? The web container is handling the form submit, you don't have to do anything there....

            Peter

              • Actions
            • 3. Re: How JBoss passes j_username to custom login module?
              haujye Apr 13, 2003 10:26 PM (in response to haujye)

              Thanks for your reply.

              What I meant was - how can I access j_username and j_password from a custom login module?

              I know that web container can authenticate for me but can I do that with a custom login module?

              For this reason, I need to read the values of j_username and j_password in my login module.

                • Actions
              • 4. Re: How JBoss passes j_username to custom login module?
                didi1976
                didi1976 Apr 15, 2003 5:02 AM (in response to haujye)

                Within your LoginModule there is a initialize-method which gets called.

                There a callbackhandler is supplied which can be asked for Name and Password. You can use javax.security.auth.callback.NameCallback and PasswordCallback to get the info.

                This info has to be used later when login gets called to verify the "correctness" of the supplied username and password. You could use the sharedState to store that information.

                If the username/password is ok, set loginOk=true and return true from the login-method.

                Implement a getPrincipal() method which returns the Identity of the User. Also implement the getRoleSet()-method to supply the associated roles.

                Didi

                  • Actions