Problems to keep login data
ltcmelo Aug 20, 2004 12:34 AMHi,
i got a real big problem that i must figure out a way out of it.
I got my application protected with JAAS, so users cannot access any pages or servles withou a login. There's only one servlet (wich is not secure) that is the one that actually logs the user in.
Heres the code of my login servlet.
//... String j_username = (String)request.getParameter("j_username"); String x = (String)request.getParameter("j_password"); if (x != null){ j_password = x.toCharArray(); handler = new UsernamePasswordHandler(j_username, j_password); } LoginContext lc = null; try { lc = new LoginContext("example2", handler); lc.login(); //this part doesn't matter very much Subject subject = lc.getSubject(); Set principals = subject.getPrincipals(); Principal user = new SimplePrincipal(j_username); principals.add(user); } catch (LoginException e) { // TODO Auto-generated catch block e.printStackTrace(); throw new Exception(); } // redirect to other page...
The above code runs perfectly! It logs the user correctly and then i'm forwared to some other page.
But, when i get to this other page, everything is gone!!! I'm not logged anymore. If i try to access another page in my application, i'm redirect to the login.jsp page again!!!
I heard that this is because the multi-thread characteristic of the servlets, but
how can i workaround this??? how can i make this maintain my login through the rest of my session???
Here's a piece of login-config.xml
<application-policy name = "client-login"> <authentication> <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module> </authentication> </application-policy> <application-policy name="example2"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>--> <module-option name="dsJndiName">java:/DefaultDS</module-option> <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option> <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option> </login-module> </authentication> </application-policy>