1 Reply Latest reply on Aug 21, 2004 2:19 PM by ltcmelo

    Problems to keep login data

    ltcmelo

      Hi,
      I have a really big problem that I must figure a way out of.

      I've got my application protected with JAAS, so users cannot access any pages or servlets without a login. There's only one servlet (which is not secure), the one that actually logs the user in.

      Here's the code of my login servlet.

      //...
      // Read the credentials posted by the login form
      String j_username = request.getParameter("j_username");
      String x = request.getParameter("j_password");

      if (x != null) {
          j_password = x.toCharArray();
          handler = new UsernamePasswordHandler(j_username, j_password);
      }

      LoginContext lc = null;

      try {
          // Authenticate against the "example2" policy in login-config.xml
          lc = new LoginContext("example2", handler);
          lc.login();

          // this part doesn't matter very much
          Subject subject = lc.getSubject();
          Set principals = subject.getPrincipals();
          Principal user = new SimplePrincipal(j_username);
          principals.add(user);

      } catch (LoginException e) {
          // TODO Auto-generated catch block
          e.printStackTrace();
          throw new Exception();
      }

      // redirect to other page...


      The above code runs perfectly! It logs the user in correctly and then I'm forwarded to some other page.
      But when I get to this other page, everything is gone!!! I'm not logged in anymore. If I try to access another page in my application, I'm redirected to the login.jsp page again!!!

      I heard that this is because of the multi-threaded nature of servlets, but how can I work around this??? How can I make this maintain my login through the rest of my session???


      Here's a piece of login-config.xml
      <application-policy name="client-login">
          <authentication>
              <login-module code="org.jboss.security.ClientLoginModule"
                            flag="required">
              </login-module>
          </authentication>
      </application-policy>

      <application-policy name="example2">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                  <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>-->
                  <module-option name="dsJndiName">java:/DefaultDS</module-option>
                  <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
                  <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
              </login-module>
          </authentication>
      </application-policy>