1 2 Previous Next 19 Replies Latest reply on Jun 1, 2006 12:40 PM by anil.saldhana

    Am I missing a trick?

    pander

      Hi,

      I am running jboss 4.04 and have implemented form based authentication using the DatabaseServerLoginModule. Everything is working fine. However, once my user has logged in I need to be able to access the user's username and password. I have checked through lots of the posts on here and seen other people requesting how to get at the j_username and j_password fields... The general reply seemed to be that they should use the ExtendedFormAuthenticator as per the corresponding Wiki page. I have followed the instructions of the Wiki page to the letter and have not been able to get it to work... I have added a context.xml file to my webapp WEB-INF directory (which didn't work) and so also modified the context.xml file under the jbossweb-tomcat55.sar directory... and of course bounced jboss.

      WebApp context.xml

      <!-- Add the ExtendedFormAuthenticator to get access to the username/password/exception -->
      <Context cookies="true" crossContext="true">
       <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
       includePassword="true" />
      </Context>
      



      Ammended tomcat context.xml


      <!-- The contents of this file will be loaded for each web application -->
      <Context cookies="true" crossContext="true">
       <!-- Session persistence is disable by default. To enable for all web
       apps set the pathname to a non-empty value:
       <Manager pathname="SESSIONS.ser" />
      
       To enable session persistence for a single web app, add a
       WEB-INF/context.xml
       -->
       <Manager pathname="" />
      
       <!-- Install an InstanceListener to handle the establishment of the run-as
       role for servlet init/destroy events.
       -->
       <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>
      
       <!-- Add the ExtendedFormAuthenticator to all applications by default -->
       <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
       includePassword="true" />
      
      </Context>
      



      I was then trying to access the j_username and j_password information in my JSP in the following manner as all the posts I read seemed to suggest that the username and password were cached in the session when you used the ExtendedFormAuthenticator:

      <%
       String username = (String) session.getAttribute("j_username");
       String password = (String) session.getAttribute("j_password");
       %>
       <p>Username: <%=username%></p>
       <p>Password: <%=password%></p>


      All i get is 'null' and 'null' for the username and password. What have I missed?

      I have also tried programatically trying to access the information and have had some degree of success but not exactly what I am looking for.

      Here is the code that has enabled me to see the user's username and the roles that the user belongs to.... but there is no password.... maybe I am missing something here?

      <%
      //Get the Authenticated Subject
      Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
      Set principals = subject.getPrincipals(Principal.class);
      Iterator iter = principals.iterator();
      while(iter.hasNext())
      {
       Principal p = (Principal)iter.next();
       if(p instanceof SimpleGroup) {
       SimpleGroup sg = (SimpleGroup)p;
       %> <p>Group:<%=sg.getName()%></p>
      <%
       Enumeration en = sg.members();
       while(en.hasMoreElements()) {
       String role = en.nextElement().toString();
       if(role != null) { %>
       <p>Role:<%=role%></p>
      <%
       }
       }
       } else {
       %><p>Something Else:<%=p%></p><%
       }
      }
      %>
      


      Any help, pointers, sample code would be greatly appreciated as I really need to try and get this sorted as I need the username and password within my webapp for something.

      Kind Regards,
      Paul.


        • 1. Re: Am I missing a trick?
          j2ee_junkie

          Hey Paul,


          Accessing the Subject (like you have done below) is great for getting the username principal and role principals, but I do not think you can get the password. So your best bet is to get the valve working.

          Verify that the valve has been added to your web app's pipeline. This is visible by viewing the mbean details of your web app's deployment in the jmx-console.

          cgriffith

          • 2. Re: Am I missing a trick?
            pander

            hi j2ee_junkie,

            Are you able to offer any further assistance?
            I am not exactly sure what I am looking for in the jmx-console... it's a little confusing. I can see there are some links under jboss.web that contain the word ExtendedFormAuthenticator and also my webapp name "AMI"

            The links are:

            host=localhost,name=ExtendedFormAuthenticator,path=/,type=Valve host=localhost,name=ExtendedFormAuthenticator,path=/AMI,seq=1,type=Valve
            host=localhost,name=ExtendedFormAuthenticator,path=/AMI,type=Valve

            There are a few more but these don't look relevant. I'm guessing that the top link is down to me adding the ExtendedFormAuthenticator in the tomcat context.xml and the 2 links below that are down to me adding a context.xml with the same valve in my webapp dir?

            If I click on either of these I get a "JMX MBean View" and a form with lots of customisable values in it. What do I do now? Am I looking at the right thing?

            Cheers.
            Paul.


            • 3. Re: Am I missing a trick?
              j2ee_junkie

              Paul,

              Sorry if I was too vague. You would be looking for a mbean under jboss.web that is something like

              J2EEApplication=none,J2EEServer=none,j2eeType=WebModule,name=//localhost/your_app
              .
              Look for the valveObjectNames attribute of this mbean. You should see a list of all the valves added to this applications context pipeline. So ExtendedFormAuthenticator valve should be there.

              If this valve is there, the next step would be to up the logging to TRACE for this logger and see what is happening during the request.

              cgriffith




              • 4. Re: Am I missing a trick?
                j2ee_junkie

                Paul,

                One thing I failed to mention before is that the use of this valve is only to put these (i.e. j_username, and j_password) parameters in the session scope if a.) they were passed in as form parameters to the login form
                and
                b.) if the user was forwarded to the login error page.

                I just realized that this is probably not what you are looking for. Let me know and I will advise.

                Again sorry for not noticing this earlier, cgriffith

                • 5. Re: Am I missing a trick?
                  pander

                  Ok, I found what you suggested to look for and there were 4 links there.

                  jboss.web:type=Valve,name=JaccContextValve,path=/AMI,host=localhost
                  jboss.web:type=Valve,name=ExtendedFormAuthenticator,path=/AMI,host=localhost
                  jboss.web:type=Valve,name=SecurityAssociationValve,path=/AMI,host=localhost
                  jboss.web:type=Valve,name=StandardContextValve,path=/AMI,host=localhost

                  So, it definitely looks like the context.xml with the ExtendedFormAuthenticator is getting setup.... but why isn't it working!!!

                  How do I up the logging for this Valve then?

                  Just before I do up the logging, can you sanity check the very basic method I was using to check for j_username and j_password in the session... the code example was in my first post. I think as long as the vales are being set then the code should work, but this has been driving me crazy so you know how you get sometimes... it's like "did I leave the oven on" !!!

                  Cheers.
                  Paul.




                  The only link I could find which resembled your example was as follows:

                  J2EEApplication=null,J2EEServer=Local,j2eeType=WebModule,name=AMI.war

                  When I click on this I can see nothing to do with Valves at all....


                  • 6. Re: Am I missing a trick?
                    anil.saldhana

                    Add the following to your log4j.xml

                     <category name="org.jboss.web.tomcat.security">
                     <priority value="TRACE" class="org.jboss.logging.XLevel"/>
                     </category>
                    



                    Now in your server.log, you should see log entries under the "FormAuthValve" name (We had a logger copy/paste error)

                    • 7. Re: Am I missing a trick?
                      pander

                      Hmmmmm, the plot thinkens junkie...

                      I just uncommented the request dumper in the tomcat server.xml file and when I check the server.log I can not see ANY mention of ExtendedFormAuthenticator.... it only shows FormAuthenticator. Snippet below...

                      2006-05-31 17:35:52,687 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Authenticating username 'pander'
                      2006-05-31 17:35:52,687 DEBUG [org.jboss.security.plugins.JaasSecurityManager.AMIRealm] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@2465e5
                      2006-05-31 17:35:52,687 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@19dbc3b
                      2006-05-31 17:35:52,703 DEBUG [org.jboss.security.plugins.JaasSecurityManager.AMIRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@b103dd
                      2006-05-31 17:35:52,703 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@b103dd
                      2006-05-31 17:35:52,703 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added AMIRealm, org.jboss.security.plugins.SecurityDomainContext@174d4c9 to map
                      2006-05-31 17:35:52,718 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: registering pool with interval 900000 old interval: 9223372036854775807
                      2006-05-31 17:35:52,718 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: about to notify thread: old next: 1149093802718, new next: 1149093802718
                      2006-05-31 17:35:53,062 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Authentication of 'pander' was successful
                      2006-05-31 17:35:53,062 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Redirecting to original '/AMI/'


                      Any ideas?

                      Paul.

                      • 8. Re: Am I missing a trick?
                        pander

                        Anil,

                        Thank you for you help.... unfortunately though I think it is not working correctly as I get a series of errors when starting my server to do with LOG4J. I think this is a known bug... it happens on a straight out the box download of jboss 4.04... which is what I am running.

                        The error reads:

                        17:46:36,875 ERROR [STDERR] log4j:ERROR A "org.jboss.logging.util.OnlyOnceErrorHandler" object is not assignable to a "
                        rg.apache.log4j.spi.ErrorHandler" variable.
                        17:46:36,875 ERROR [STDERR] log4j:ERROR The class "org.apache.log4j.spi.ErrorHandler" was loaded by
                        17:46:36,875 ERROR [STDERR] log4j:ERROR [WebappClassLoader
                        delegate: false
                        repositories:
                        /WEB-INF/classes/
                        ----------> Parent Classloader:
                        java.net.FactoryURLClassLoader@272fec
                        ] whereas object of type
                        17:46:36,875 ERROR [STDERR] log4j:ERROR "org.jboss.logging.util.OnlyOnceErrorHandler" was loaded by [org.jboss.system.s
                        rver.NoAnnotationURLClassLoader@ab95e6].
                        17:46:36,906 ERROR [STDERR] log4j:ERROR Could not create an Appender. Reported error follows.
                        17:46:36,906 ERROR [STDERR] java.lang.ClassCastException: org.jboss.logging.appender.DailyRollingFileAppender
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:175)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:150)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:16
                        )
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.ja
                        a:425)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:394)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:829)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:468

                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.LogManager.<clinit>(LogManager.java:122)
                        17:46:36,906 ERROR [STDERR] at org.apache.log4j.Logger.getLogger(Logger.java:104)
                        17:46:36,906 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        17:46:36,906 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        17:46:36,906 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25


                        and then further down it also says...

                        17:46:37,078 ERROR [STDERR] log4j:ERROR Could not parse url [file:/C:/jboss/server/default/conf/log4j.xml].
                        17:46:37,078 ERROR [STDERR] java.lang.NullPointerException
                        17:46:37,078 ERROR [STDERR] at java.util.Hashtable.put(Hashtable.java:396)
                        17:46:37,078 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:151)
                        17:46:37,078 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:163
                        )
                        17:46:37,078 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.jav
                        a:425)
                        17:46:37,093 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:394)
                        17:46:37,109 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:829)
                        17:46:37,109 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)
                        17:46:37,109 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618)
                        17:46:37,109 ERROR [STDERR] at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:468)


                        Any ideas?

                        Cheers,
                        Paul.


                        • 9. Re: Am I missing a trick?
                          pander

                          Hi junkie,

                          Sorry... didn't see your post with the 'a' and 'b' parts...

                          So, are you saying then that the ExtendedFormAuthenticator will ONLY put j_username and j_password in the session if the user is redirected to the login error page? What is the point of that?

                          That's not how I interpretted it... I thought it put j_username and j_password into the session regardless of whether the login attempt was successful or not. I thought the only difference was that if the login is not successful then the exception is made accessible and placed into the session so that you can display an appropriate reason for the login failure.

                          Let me just clarify again.....

                          I have a valid user, who has logged in using Form Authentication and the DatabaseServerLoginModule. Is there a way to get that user's USERNAME and PASSWORD as I need to use them within my webapp?

                          Cheers
                          Paul.

                          • 10. Re: Am I missing a trick?
                            j2ee_junkie

                            Paul,

                            See my comments in my last post. The ExtendedFormAuthenticator is not what I think you want to use. To demonstrate that, I am looking at your log output that shows you ('pander') successfully logging in. As I mentioned, the valve does not put the username (and password) in session if login was successful.

                            I missed that point when I first tried to help you. I think what you want is a way to access these things once a user is logged in successfully, correct?

                            cgriffith

                            • 11. Re: Am I missing a trick?
                              anil.saldhana
                              • 12. Re: Am I missing a trick?
                                pander

                                Guys,

                                This is starting to drive me crazy now, big time!

                                (j2ee_junkie) - YES, I NEED A WAY TO ACCESS THE USERNAME AND PASSWORD AFTER A USER HAS SUCCESSFULLY LOGGED IN !!

                                Here's the state of play.... I now have both the ExtendedFormAuthenticator and the FormAuthValve defined in my apps context.xml and according to the JMX console they both seem to be loaded and configured correctly.... and yet.... STILL "null" and "null" when I try and access the username and password values in a JSP (within my protected web content i.e. after logging in) using the method below:

                                <%
                                String username = (String) session.getAttribute("j_username");
                                String password = (String) session.getAttribute("j_password");
                                %>
                                <p>Username: <%=username%></p>
                                <p>Password: <%=password%></p>


                                Guys, it is really beyond me that this is not better documented somewhere on this site... I cannot believe that I am the first person that needs the username and password after successfully loggin in !!!

                                junkie, you obviously didn't understand what I was looking for to begin with so that's fine, but hopefully you do now, and anil your comment about using the FormAuthValve seemed to make sense when I saw the code... but neither Valves seem to be working... I can't get the TRACE working anil because of the Log4J problem....

                                22:19:52,796 ERROR [STDERR] log4j:ERROR Could not create level [TRACE]. Reported error follows.
                                22:19:52,796 ERROR [STDERR] java.lang.ClassCastException: org.jboss.logging.XLevel
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseLevel(DOMConfigurator.java:522)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.jav
                                a:438)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parseCategory(DOMConfigurator.java:345)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:827)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618)
                                22:19:52,796 ERROR [STDERR] at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:468)


                                This is all so frustrating !!!!



                                • 13. Re: Am I missing a trick?
                                  pander

                                  Hi guys,

                                  I don't think this is the intended TRACE that anil wanted me to setup, but it may be useful in trying to diagnose the problem...

                                  Here is a section of the server.log from the login form, a successful login and then a redirect to index.jsp (my landing page once logged in).

                                  2006-05-31 22:33:10,843 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Authenticating username 'pander'
                                  2006-05-31 22:33:10,843 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=pander
                                  2006-05-31 22:33:11,359 DEBUG [org.jboss.security.plugins.JaasSecurityManager.AMIRealm] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@174d4c9
                                  2006-05-31 22:33:11,359 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@13e02ed
                                  2006-05-31 22:33:11,359 DEBUG [org.jboss.security.plugins.JaasSecurityManager.AMIRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@322394
                                  2006-05-31 22:33:11,359 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@322394
                                  2006-05-31 22:33:11,359 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added AMIRealm, org.jboss.security.plugins.SecurityDomainContext@1bdcbb2 to map
                                  2006-05-31 22:33:11,375 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: registering pool with interval 900000 old interval: 9223372036854775807
                                  2006-05-31 22:33:11,375 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] internalRegisterPool: about to notify thread: old next: 1149111641375, new next: 1149111641375
                                  2006-05-31 22:33:11,625 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: pander is authenticated
                                  2006-05-31 22:33:11,625 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: panderto: pander
                                  2006-05-31 22:33:11,625 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[pander(ami.admin,ami.distributor,)]
                                  2006-05-31 22:33:11,625 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Authentication of 'pander' was successful
                                  2006-05-31 22:33:11,625 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Redirecting to original '/AMI/'
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] ---------------------------------------------------------------
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] authType=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentLength=-1
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentType=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=Location=https://localhost:8443/AMI/
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] message=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] remoteUser=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] status=302
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] ===============================================================
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] REQUEST URI =/AMI/
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] authType=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] characterEncoding=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentLength=-1
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contentType=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] contextPath=/AMI
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] cookie=JSESSIONID=35639F9D571604D6673E15687DAD34F5
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=referer=https://localhost:8443/AMI/
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept-language=en-us
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=accept-encoding=gzip, deflate
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=user-agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; InfoPath.1)
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=host=localhost:8443
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=connection=Keep-Alive
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=cache-control=no-cache
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=cookie=JSESSIONID=35639F9D571604D6673E15687DAD34F5
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] locale=en_US
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] method=GET
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] pathInfo=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] protocol=HTTP/1.1
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] queryString=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] remoteAddr=127.0.0.1
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] remoteHost=127.0.0.1
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] remoteUser=null
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] requestedSessionId=35639F9D571604D6673E15687DAD34F5
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] scheme=https
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] serverName=localhost
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] serverPort=8443
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] servletPath=/index.jsp
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] isSecure=true
                                  2006-05-31 22:33:11,625 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] ---------------------------------------------------------------
                                  2006-05-31 22:33:11,640 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Restore request from session '35639F9D571604D6673E15687DAD34F5'
                                  2006-05-31 22:33:11,640 DEBUG [org.jboss.web.tomcat.security.FormAuthenticator] Proceed to restored request
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[pander(ami.admin,ami.distributor,)]
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: ami.distributor
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: ami.child
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.FormAuthValve] Enter, j_username=null
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callerGenericPrincipal[pander(ami.admin,ami.distributor,)]
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
                                  2006-05-31 22:33:11,640 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callerGenericPrincipal[pander(ami.admin,ami.distributor,)]
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.FormAuthValve] SessionID: 35639F9D571604D6673E15687DAD34F5
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.FormAuthValve] SecurityAssociation.exception: null
                                  2006-05-31 22:33:11,828 TRACE [org.jboss.web.tomcat.security.FormAuthValve] Exit, username: null


                                  As you can see, the FormAuthValve does seem to be active, but j_username seems to be null which is a little worrying...

                                  Paul.

                                  • 14. Re: Am I missing a trick?
                                    j2ee_junkie

                                    Paul,

                                    Things here are starting to pile up. As already noted, the ExtendedFormAuthenticator puts the j_username (and possible j_password) in the session on the way to your login form or on the way to your error page. Thus if you successfully log in the first time, you will not have these values in you session.

                                    That said, I think you need something that will allow you to get the username and password after a user has successfully logged in. Which you confirmed. The FormAuthValve should work the way you expect it to. However there are other ways to do this that require more work. Let me know if you are interested.

                                    At this point, I suggest you verify that the FormAuthValve is in your application's pipeline. And get Log4j working at TRACE level for this valve.

                                    as far as your comment...


                                    Guys, it is really beyond me that this is not better documented somewhere on this site... I cannot believe that I am the first person that needs the username and password after successfully loggin in !!!

                                    is concerned. I do not think this could be documented any better. The fact that you are having problems to me means that there is some obscure detail that we are missing. Something that is not related to how to get this working. In any case, that is what we are trying to discover.

                                    let us know when you have more to offer, chris griffith


                                    1 2 Previous Next