2 Replies Latest reply on Jun 25, 2005 6:47 AM by dumbledore

Servlet creates LoginContext, should be used by Web-Containe

dumbledore Jun 22, 2005 3:03 AM

Hi,

javas.security.auth.login.LoginContext lc;
AppCallbackHandler ach; // just like in Scott's Jaas-Tutorial...

ach = new AppCallbackHandler(composedUserName, password.toCharArray());

lc = new LoginContext("plebs", ach);

lc.login();

This code works well in a servlet. The login-context (last line) contains data for the principal and its roles. Is it possible to let the web-container further on use these principal-data to authenticate the user? I don't think so, because I can't give the login-context or principals to the web-container. Or am I wrong?

1. Re: Servlet creates LoginContext, should be used by Web-Cont

starksm64 Jun 24, 2005 8:09 PM (in response to dumbledore)

This is not supported as it cannot be made to work in general. With CLIENT-CERT authentication that requires authentication at both the SSL transport level and the web container level, how are we going to push back the client cert neccessary? The problem with web authentication is that in general its the browser/user agent that has to provide the security context via http headers.
Actions
2. Re: Servlet creates LoginContext, should be used by Web-Cont

dumbledore Jun 25, 2005 6:47 AM (in response to dumbledore)

Thanks Scott!
Actions

Go to original post