-
1. Re: Web/JSP login and JAAS/JBoss
adrian.brock May 6, 2003 8:22 PM (in response to tschlemmer)Check your config with
jmx-console
The principal will be null unless the jsp page
is restricted.
Regards,
Adrian -
2. Re: Web/JSP login and JAAS/JBoss
petertje May 7, 2003 2:58 PM (in response to tschlemmer)... and do not perform a login on the LoginContext in the jsp page, but let jboss (/servlet-engite) handles this for you (by making the jsp pages secured, as Adrian suggested).
You can achieve this by setting up a secured web-collection in the web.xml.
hth
peter. -
3. Re: Web/JSP login and JAAS/JBoss
tschlemmer May 8, 2003 1:41 PM (in response to tschlemmer)Someone else in another list suggested I also include the ClientLoginModule along with the DatabaseServerLogin module in our application-policy definition in the login-config.xml file so I added the following:
<login-module
code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
It appears that the ClientLoginModule adds the necessary "glue" that allows a non-null principal to be used when method calls are made from the Servlet container into the EJB container.
I don't know if this is satifactory solution or not but it does work.
Anthony -
4. Re: Web/JSP login and JAAS/JBoss
tschlemmer May 8, 2003 1:44 PM (in response to tschlemmer)Someone else in another list suggested I also include the ClientLoginModule along with the DatabaseServerLogin module in our application-policy definition in the login-config.xml file so I added the following:
<login-module
code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
It appears that the ClientLoginModule adds the necessary "glue" that allows a non-null principal to be used when method calls are made from the Servlet container into the EJB container.
I don't know if this is satifactory solution or not but it does work.
Anthony