-
1. Re: Dynamic login behavior
techiestuff Jun 8, 2005 7:34 PM (in response to techiestuff)Hi again,
I have got some parts of the problem working which is sort of a work around.
I wrote my callbackhandler and customloginmodule. To the callbackhandler I pass the IP address instead of the password although the type is still PasswordCallback. In the customloginmodule(extended from UsernamePasswordLoginModule) made the following change-
protected String getUsersPassword()
throws LoginException
{
return ("IP I am looking for");
}
protected Group[] getRoleSets()
{
Group[] groups = {new SimpleGroup("Roles")};
SimplePrincipal role = new SimplePrincipal("Priviliged");
groups[0].addMember(role);
return groups;
}
Now in one of the action classes, I created a new logincontext and invoked the login method.
The problem is that the JBoss server still does not know the user has been authenticated with the given role. When trying to access a protected resource with anonymous(null) user and Priviliged role, it still asks for the username and password.
I'd really appreciate any help. -
2. Re: Dynamic login behavior
techiestuff Jun 8, 2005 11:05 PM (in response to techiestuff)Did not mention explicitly in my previous post, that I used the SecurityAssociation.setSubject method so that JaasSecurityManager has an active subject. The browser still gives me the username/password popup although the jaassecuritymanager has an active subject.
Do I need to set the user principal in request?or some other object?
From my understanding, if the security manager has an active subject it means it has been authenticated.