This content has been marked as final.
Show 4 replies
-
1. Re: Form based auth + EJB Auth working, How to use form-auth
websel Oct 14, 2004 9:28 AM (in response to websel)I've found a workaround to get the username & password back from the Form based authentication. I'm working with a Filter which intercepts the post and stores the values in the session scope.
package com.artomilito.www.colossus; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** * Login Filter 14-oct-2004, Wessel de Roode * From an idea of dmitry_ame at yahoo.com. * Written for Struts & Xdoclet & changed for * EJB Authentication by Wessel. * Purpose to intecept the username & password from a * FORM based authentication. The username & password * can now used for authenticating with EJB's * This filter should point to an unprotected directory * with an empty jsp file in it. Example /login/dummy.jsp * * The loginform should look like this in struts: * <FORM name="loginform" action="login/dummy.jsp" method="post"> * <input type="text" name="j_username"/> * <input type="password" name="j_password"/> * * After login the loginAction or any first action that is addressed can retrieve the * values with: * HttpSession session = request.getSession(); * String user = session.getAttribute("j_username")); * String pass = session.getAttribute("j_password")); * Without the Filter these values will be null * @author Wessel de Roode * * @web.filter * name = "LoginFilter" * * @web.filter-mapping * url-pattern = "/login/*" */ public class LoginFilter implements Filter { static Log log = LogFactory.getLog(LoginFilter.class); public void init(FilterConfig arg0) throws ServletException {} public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletResponse httpResponse = (HttpServletResponse)response; HttpServletRequest httpRequest = (HttpServletRequest) request; String redirectString = "j_security_check"; log.info( "Sending redirect to: " + redirectString); String username = httpRequest.getParameter("j_username"); String password = httpRequest.getParameter("j_password"); HttpSession session = httpRequest.getSession(); // Set the attributes in the session space session.setAttribute("j_username", username ); session.setAttribute("j_password", password ); httpResponse.sendRedirect( redirectString +"?j_username="+username+"&j_password="+password ); chain.doFilter(httpRequest, httpResponse); } public void destroy() {} }
-
2. Re: Form based auth + EJB Auth working, How to use form-auth
starksm64 Oct 16, 2004 3:56 PM (in response to websel)If you are using the embedded tomcat in jboss there will be automatic propagation of the security context required to access the servlet to the ejb tier. If the servlet accessing the ejb is not under a restricted context there is no security context to propagate however.
-
3. Re: Form based auth + EJB Auth working, How to use form-auth
websel Nov 9, 2004 2:39 PM (in response to websel)"scott.stark@jboss.org" wrote:
If you are using the embedded tomcat in jboss there will be automatic propagation of the security context required to access the servlet to the ejb tier. If the servlet accessing the ejb is not under a restricted context there is no security context to propagate however.
Sorry for the late response, i've been to africa for a while on a long trip.
Thanks for your reply, still not figured this out.
- I'm using the standard JBoss 4.0.zip file from the download area with the principal-caller patch. so that the isUserInRole call works.
- And i'm using the integrated tomcat from Jboss 4.0 .
Still this propagation doesn't work. Could there be a problem because i'm using struts? All the struts actions are under the webcontainer restrictions.
Any corners i should check again ?
Please any help is welcome..
Thanks in advance,
Wessel de Roode -
4. Re: Form based auth + EJB Auth working, How to use form-auth
starksm64 Nov 10, 2004 2:41 AM (in response to websel)The only thing left is to file a bug report on sourceforge with an example application that shows the problem.
http://sourceforge.net/tracker/?group_id=22866&atid=376685