Am I missing a trick?
pander May 31, 2006 5:09 AM
Hi,
I am running jboss 4.04 and have implemented form based authentication using the DatabaseServerLoginModule. Everything is working fine. However, once my user has logged in I need to be able to access the user's username and password. I have checked through lots of the posts on here and seen other people requesting how to get at the j_username and j_password fields... The general reply seemed to be that they should use the ExtendedFormAuthenticator as per the corresponding Wiki page. I have followed the instructions of the Wiki page to the letter and have not been able to get it to work... I have added a context.xml file to my webapp WEB-INF directory (which didn't work) and so also modified the context.xml file under the jbossweb-tomcat55.sar directory... and of course bounced jboss.
WebApp context.xml
<!-- Add the ExtendedFormAuthenticator to get access to the username/password/exception -->
<Context cookies="true" crossContext="true">
  <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
         includePassword="true" />
</Context>
Amended tomcat context.xml
<!-- The contents of this file will be loaded for each web application -->
<Context cookies="true" crossContext="true">
  <!-- Session persistence is disable by default. To enable for all web apps
       set the pathname to a non-empty value:
       <Manager pathname="SESSIONS.ser" />
       To enable session persistence for a single web app, add a WEB-INF/context.xml -->
  <Manager pathname="" />
  <!-- Install an InstanceListener to handle the establishment of the run-as role
       for servlet init/destroy events. -->
  <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>
  <!-- Add the ExtendedFormAuthenticator to all applications by default -->
  <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
         includePassword="true" />
</Context>
I was then trying to access the j_username and j_password information in my JSP in the following manner as all the posts I read seemed to suggest that the username and password were cached in the session when you used the ExtendedFormAuthenticator:
<%
  String username = (String) session.getAttribute("j_username");
  String password = (String) session.getAttribute("j_password");
%>
<p>Username: <%=username%></p>
<p>Password: <%=password%></p>
All I get is 'null' and 'null' for the username and password. What have I missed?
I have also tried programmatically trying to access the information and have had some degree of success but not exactly what I am looking for.
Here is the code that has enabled me to see the user's username and the roles that the user belongs to.... but there is no password.... maybe I am missing something here?
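<%@ page import="java.security.Principal,java.util.Enumeration,java.util.Iterator,java.util.Set,javax.security.auth.Subject,javax.security.jacc.PolicyContext,org.jboss.security.SimpleGroup" %>
<%
  // Get the authenticated Subject from the JACC policy context
  Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
  Set principals = subject.getPrincipals(Principal.class);
  Iterator iter = principals.iterator();
  while (iter.hasNext()) {
    Principal p = (Principal) iter.next();
    if (p instanceof SimpleGroup) {
      // A group principal: print its name, then each of its members
      SimpleGroup sg = (SimpleGroup) p;
%>
<p>Group:<%=sg.getName()%></p>
<%
      Enumeration en = sg.members();
      while (en.hasMoreElements()) {
        String role = en.nextElement().toString();
        if (role != null) {
%>
<p>Role:<%=role%></p>
<%
        }
      }
    } else {
      // Any principal that is not a group (for example the user's own principal)
%>
<p>Something Else:<%=p%></p>
<%
    }
  }
%>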
Any help, pointers, sample code would be greatly appreciated as I really need to try and get this sorted as I need the username and password within my webapp for something.
Kind Regards,
Paul.