1. Re: My LoginModule needs more than just j_username and j_pas
nigelwhite Dec 13, 2005 4:54 AM (in response to nigelwhite)
Well? Gurus?
Surely there must be many cases where a LoginHandler needs more than just username/password?
This is a major shortcoming, and means we can't use container-managed form based authentication.
3. Re: My LoginModule needs more than just j_username and j_pas
nigelwhite Jan 3, 2006 4:02 AM (in response to nigelwhite)
I'm surprised that you suggest such a complex hack.
In fact, using static methods of the JACC javax.security.jacc.PolicyContext object, you can use
    HttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
Using javax.security.jacc.PolicyContext.getHandlerKeys(), in my LoginModule, I find
PolicyContext has "javax.ejb.arguments"
PolicyContext has "javax.servlet.http.HttpServletRequest". It is a org.apache.catalina.connector.RequestFacade
PolicyContext has "javax.security.auth.Subject.container"
PolicyContext has "javax.xml.soap.SOAPMessage"
PolicyContext has "org.jboss.ejb.BeanMetaData"
PolicyContext has "javax.ejb.EnterpriseBean"
Most of the keys return null; only the "javax.servlet.http.HttpServletRequest" key returns anything.
On Logout, I find
PolicyContext has "javax.ejb.arguments"
PolicyContext has "javax.servlet.http.HttpServletRequest". It is a org.apache.catalina.connector.RequestFacade
PolicyContext has "javax.security.auth.Subject.container". It is a javax.security.auth.Subject
PolicyContext has "javax.xml.soap.SOAPMessage"
PolicyContext has "org.jboss.ejb.BeanMetaData"
PolicyContext has "javax.ejb.EnterpriseBean"
So, looks like you can find the Subject any time using the "javax.security.auth.Subject.container" key.
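
The approach from reply 3, written out as an added example (not code from the thread or from JBoss): a JAAS LoginModule that reads one extra login-form field through the JACC PolicyContext and validates it before use. The field name `j_domain`, the class name and the abstract `check` hook are hypothetical; the servlet and JACC APIs are assumed to be on the classpath.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.jacc.*;
import javax.servlet.http.HttpServletRequest;

public abstract class ExtraFieldLoginModule implements LoginModule {
    private CallbackHandler handler;
    private boolean authenticated;

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (Exception e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        String domain = extraField("j_domain"); // hypothetical extra form field
        // Client-supplied value: constrain it before it reaches any lookup.
        if (domain == null || !domain.matches("[A-Za-z0-9_-]{1,32}"))
            throw new FailedLoginException("missing or malformed login field");
        authenticated = check(name.getName(), pass.getPassword(), domain);
        pass.clearPassword();
        if (!authenticated) throw new FailedLoginException("bad credentials");
        return true;
    }

    // Null when the container registered no request (e.g. a non-web login).
    static String extraField(String param) throws LoginException {
        try {
            HttpServletRequest req = (HttpServletRequest)
                PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            return req == null ? null : req.getParameter(param);
        } catch (PolicyContextException e) {
            throw new LoginException("policy context unavailable: " + e.getMessage());
        }
    }
    // Hypothetical hook: verify the credentials against the real user store.
    protected abstract boolean check(String user, char[] password, String domain);
    public boolean commit() { return authenticated; } // a real module adds principals here
    public boolean abort() { authenticated = false; return true; }
    public boolean logout() { authenticated = false; return true; }
}
```
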
4. Re: My LoginModule needs more than just j_username and j_pas
pdesai Mar 24, 2006 12:30 PM (in response to nigelwhite)
I am using JBoss 3.2.7 and I am trying to solve a similar problem. I am writing a custom JAAS LoginModule and want to access the HttpSession in the LoginModule to store some information.
Using static methods of the JACC javax.security.jacc.PolicyContext object is a good solution, but it is available only in J2EE 1.4. Is there a way to do this in JBoss 3.27?
5. Re: My LoginModule needs more than just j_username and j_pas
starksm64 Mar 25, 2006 8:00 AM (in response to nigelwhite)