1. Re: why multiple authentication !
hatoug Dec 3, 2004 10:15 AM (in response to hatoug)

CODE SNIPPET OF THE SERVLET AUTHENTICATION
    protected void forward (HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException
    {
        System.out.println("appel de accesPWS.forward()");
        String useraction = request.getParameter("useraction");
        String buildUrl = null;
        // "close": release the session bean, delete the working directory, end the session
        if (useraction!=null && useraction.equals("close"))
        {
            HttpSession session = request.getSession(false);
            try {
                System.out.println("Appel de close");
                gedAccess.remove();
                deleteDirectory((String)session.getAttribute("repUsr"));
                session.invalidate();
            }catch (Exception e) {
                e.printStackTrace();
            }
        }
        else
        {
            // "form": programmatic JAAS login against the "pws" login configuration
            if (useraction!=null && useraction.equals("form"))
            {
                String username = request.getParameter("j_username");
                String password = request.getParameter("j_password");
                try
                {
                    SecurityAssociationHandler handler = new SecurityAssociationHandler();
                    SimplePrincipal user = new SimplePrincipal(username);
                    handler.setSecurityInfo(user, password.toCharArray());
                    LoginContext loginContext = new LoginContext("pws", (CallbackHandler)handler);
                    loginContext.login();
                    System.out.println(username+" -> OK");
                    Subject subject = loginContext.getSubject();
                    Set principals = subject.getPrincipals();
                    principals.add(user);
                }catch(LoginException e)
                {
                    System.out.println("Erreur de login");
                    buildUrl = "error.jsp";
                    e.printStackTrace();
                }
            }
            // LOGIN OK **************************************
            if (buildUrl==null)
            {
                HttpSession session = request.getSession(true);
                System.out.println(session.getId());
                // Per-session working directory
                File rep = new File("c:\\Temp\\"+session.getId()+"\\");
                buildUrl = "/jsp/ged.jsp";
                try {
                    if (rep.mkdir())
                        session.setAttribute("repUsr","c:\\\\Temp\\\\"+session.getId()+"\\\\");
                    else
                        System.out.println("Echec dans la creation du repertoire de travail");
                    String usr = "2";
                    session.setAttribute("usr",usr);
                    session.setAttribute("username",request.getParameter("username"));
                    initGedAccess();
                    try {
                        gedAccess = gedAccessHome.create();
                    } catch (RemoteException e1) {
                        e1.printStackTrace();
                    } catch (CreateException e2) {
                        e2.printStackTrace();
                    }
                    session.setAttribute("gedAccess",gedAccess);
                    session.setAttribute("application",p_applicationMetier);
                    Hashtable tokens = gedAccess.getTokens(usr);
                    session.setAttribute("tokens",tokens);
                    System.out.println("buildUrl="+buildUrl);
                    // Forward to the protected page
                    RequestDispatcher rd = getServletContext().getRequestDispatcher(buildUrl);
                    rd.forward(request,response);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            // END OF LOGIN OK ****************************************
        } // end of else: end or start of session
    }
2. Re: why multiple authentication !
starksm64 Dec 3, 2004 3:56 PM (in response to hatoug)

The JAAS login does not change the security association at the web container level such that forwarded requests are done with that security context. The JAAS login affects calls to other secured resources like jms, ejbs, and jca. I have created a feature request to see if this is something we can provide support for in the future:
http://jira.jboss.com/jira/browse/JBWEB-3
3. Re: why multiple authentication !
hatoug Dec 6, 2004 5:23 AM (in response to hatoug)

But when I use the basic authentication in web.xml,

    <auth-method>BASIC</auth-method>
    <realm-name>GedOnLine Securité</realm-name>

it works fine.
So why can't it also work with FORM authentication?
4. Re: why multiple authentication !
starksm64 Dec 6, 2004 11:12 AM (in response to hatoug)

Because form auth requires tight integration with the web container security internals. Basic auth passes in the username and password as part of the http request and we integrate with the http url authentication mechanism.