2 Replies Latest reply on Mar 23, 2006 5:30 PM by notarzt-hd

    FormAuthenticator with User Output

    notarzt-hd
    notarzt-hd Mar 23, 2006 8:48 AM

      Hello,

      I am new to Jboss and using EJBs+Servlets with XML output together with RIA Frontend on the Client side.

      I want to make a secure application by using FormAuthentication.
      The j_security_check, after sucessfull check, makes a "REDICRECT" to the original requested Page e.g. "MyApp.xyz". My RIA Forntend is not accepting such REDIRECTs. Better i want to get back some XML Output in a HTTP-Response e.g. "originalRequestedPage.xyz" (Like output of normal Servlet)

      I watched a bit in the JBOSS-AS Source and found the file:

      org.jboss.web.tomcat.security.FormAuthenticator
      In the method

      public boolean authenticate(Request request,Response response, LoginConfig config);

      I was changing the Line 

      response.sendRedirect(response.encodeRedirectURL(requestURI));

      to 

      response.getResponse().getWriter().println("<Answer>" + requestURI + "</Answer>");


      but the behaivior of j_security_check is not what I want: After sucessfull check NOTHING IS GOING ON! No Redirect (good!) and no output :(

      May I not understood the sourcecode!? May the FormAuthenticator does not send the HTTP-Response?
      I badly need this feature - how can I implement it?

      Thx, Michael

      PS. I havent found somewhere in the JBOSS-AS Source Code which calls the FormAuthenticator or ExtendedFormAuthenticator ?? How it is used?

      • 2484 Views
      • Tags:
        • 1. Re: FormAuthenticator with User Output
          j2ee_junkie
          j2ee_junkie Mar 23, 2006 9:08 AM (in response to notarzt-hd)

          Micheal,

          If you want to use the org.jboss.web.tomcat.security.FormAuthenticator (or your modified version) you need make sure Tomcat knows to use this authenticator when asked to do FORM authentication. Tomcat has a mapping of authentication type (i.e. BASIC, DIGEST, FORM, etc.) to authenticator (i.e. BasicAuthenticator, DigestAuthenticator, FormAuthenticator, etc.) in a file org/apache/catalina/startup/Authenticators.properties. When Tomcat is started, this property file is loaded. When your application specifies an authentication type via the auth-method element, the matching authenticator is loaded for your app's context. By default, Tomcat uses org.apache.catalina.authenticators.FormAuthenticator when FORM auth-method is specified. To specify a different authenticator there are three things you can do.


          1: unpack $YOUR_SERVER/deploy/jbossweb-tomcatXX.sar/catalina.jar. Modify Authenticators.properties file. Repack catalina.jar. Restart server.

          2: Same as 1, only leave catalina.jar unpacked.

          3: Use JBoss > 4.0.2. Now there is a way to specify authenticators in Tomcat's service descriptor file.


          Hope this helps, cgriffith


            • Actions
          • 2. Re: FormAuthenticator with User Output
            notarzt-hd
            notarzt-hd Mar 23, 2006 5:30 PM (in response to notarzt-hd)

            Hi cgriffith,

            thank you very much! After i copied my "self made Authenticator CLASS" to the catalina JAR and made the reference in the properties File: It is working :))

            Thx and greetings,
            Michael

              • Actions