This content has been marked as final. 
    
Show                 5 replies
    
- 
        1. Re: My LoginModule needs more than just j_username and j_pasnigelwhite Dec 13, 2005 4:54 AM (in response to nigelwhite)Well? Gurus? 
 Surely there must be many cases where a LoginHandler needs more than just username/password?
 This is a major shortcoming, and means we can't use container-managed form based authentication.
- 
        3. Re: My LoginModule needs more than just j_username and j_pasnigelwhite Jan 3, 2006 4:02 AM (in response to nigelwhite)I'm surprised that you suggest such a complex hack. 
 In fact, using static methods of the the JACC javax.security.jacc.PolicyContext object, you can useHttpServletRequest request = (HttpServletRequest)PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
 Using javax.security.jacc.PolicyContext.getHandlerKeys(), in my LoginModule, I find
 PolicyContext has "javax.ejb.arguments"
 PolicyContext has "javax.servlet.http.HttpServletRequest". It is a org.apache.catalina.connector.RequestFacade
 PolicyContext has "javax.security.auth.Subject.container"
 PolicyContext has "javax.xml.soap.SOAPMessage"
 PolicyContext has "org.jboss.ejb.BeanMetaData"
 PolicyContext has "javax.ejb.EnterpriseBean"
 Most of the keys return null, only the "javax.servlet.http.HttpServletRequest" key returns anything.
 On Logout, I find
 PolicyContext has "javax.ejb.arguments"
 PolicyContext has "javax.servlet.http.HttpServletRequest". It is a org.apache.catalina.connector.RequestFacade
 PolicyContext has "javax.security.auth.Subject.container". It is a javax.security.auth.Subject
 PolicyContext has "javax.xml.soap.SOAPMessage"
 PolicyContext has "org.jboss.ejb.BeanMetaData"
 PolicyContext has "javax.ejb.EnterpriseBean"
 So, looks like you can find the Subject any time using the "javax.security.auth.Subject.container" key.
- 
        4. Re: My LoginModule needs more than just j_username and j_paspdesai Mar 24, 2006 12:30 PM (in response to nigelwhite)I am using Jboss 3.2.7 and I am trying to solve a similar problem. I am writing Custom JAAS LoginModule and want to access HttpSession in the LoginModule to store some information. 
 Using static methods of the the JACC javax.security.jacc.PolicyContext object is a good solution, but it is available only in J2ee1.4. Is there a way to do this in JBoss 3.27?
- 
        5. Re: My LoginModule needs more than just j_username and j_passtarksm64 Mar 25, 2006 8:00 AM (in response to nigelwhite)
 
     
    