-
1. Re: Programmatic realm authentication in a servlet
mlavergn Aug 1, 2003 1:42 PM (in response to mlavergn)I made one small change that gets me closer to my goal, I think. Since my jboss-web.xml security-domain entry was java:/jaas/sso-app, I realized that this line:
(JaasSecurityManager) ctx.lookup("java:/jaas/http-invoker");
should be:
(JaasSecurityManager) ctx.lookup("java:/jaas/sso-app");
That now gets me the right JaasSecurityManager. However, I'm still unable to get a new Subject "pinned" in the JaasSecurityManager programmatically. I'm trying to get it to work using the JaasSecurityManager.isValid() method, so if I'm off base, let me know. -
2. Re: Programmatic realm authentication in a servlet
mlavergn Sep 5, 2003 1:34 PM (in response to mlavergn)To close this out, logging in "under the covers" would have required modifications to some of the JBoss JAAS classes at the Thread mapping level. This diverted from a gaol of not modifiying the JBoss sources in ways that might create incompatibilities. The final solution was based on a variant of the method described in Java Developer's Journal August 2003 Issue 8 Volume 8 "Active Authentication".
-
3. Re: Programmatic realm authentication in a servlet
pgmjsd Sep 22, 2003 11:24 AM (in response to mlavergn)Here is the URL to the article.
Active Authentication
The article is good, but it seems to rely on 'redirects' rather than forwarding. Are there any disadvantages to this?
I'm having a similar problem. I have made a simple 'self registration' application where I want to add a new user, and if the user is sucessfully added, log them in. I guess I could just redirect using this scheme... hmmm.