-
1. Re: Adding data to session after login
anavailablename Jul 12, 2006 5:16 PM (in response to pander)
Did you ever find your solution for this? I want to do the exact same thing, can't find any other related threads that seem to deal with this issue.
-
2. Re: Adding data to session after login
warrenc6 Jul 12, 2006 8:31 PM (in response to pander)
The flaw is that loginmodule and request sessions are not interoperable.
I propose a solution thus:
After requesting j_login_config and performing a successful login, you are automatically redirected to the protected resource. Perhaps you need to use a FilterChain mapping on * and call getUserPrincipal, then cast the ServletRequest to HttpServletRequest and get the session. Check the session to see whether the principal is null, or check it for equality. If it is null or not equal, then the user has logged in or relogged in.
Hope this helps/works
-
3. Re: Adding data to session after login
j2ee_junkie Jul 13, 2006 8:37 AM (in response to pander)
Paul,
Warrenc6 is leading you in the wrong direction.
Your idea to extend DatabaseServerLoginModule is a good choice. In order for you to access the HttpSession from your login module you will need to see http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthentication
Let us know if you need more help, cgriffith
-
4. Re: Adding data to session after login
pander Jul 13, 2006 8:46 AM (in response to pander)
Hi j2ee_junkie,
Yes, thanks for that. I had come to the same conclusion a little while ago now. I have indeed settled for my original idea, which is to populate some beans via a database query during the login process, i.e. if the user has logged in successfully then I query the database and then put the populated beans in the session for future use.
'anavailablename', if you are still stuck with what to do you could always try this:

```java
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

public class DBLoginModule extends DatabaseServerLoginModule {

    /** The JACC PolicyContext key for the current HttpServletRequest */
    public static final String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest";

    public boolean login() throws LoginException {
        boolean loginAccepted = super.login();

        if (loginAccepted) {
            HttpServletRequest request = null;
            HttpSession session = null;

            try {
                // The web container registers the current request under this key
                request = (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);
                session = request.getSession(true);
            } catch (PolicyContextException e) {
                log.error("Unable to retrieve Policy Context: " + e.getMessage());
                e.printStackTrace();
                return false;
            }

            // make your database queries here and populate beans
            // add to session
            // NB: if you need to due to errors or other problems you can always revoke
            // the login at any point by setting loginAccepted to false.
        }

        return loginAccepted;
    }
}
```
-
5. Re: Adding data to session after login
warrenc6 Jul 13, 2006 9:58 PM (in response to pander)
Glad that it works.
Point to note, however: from a code design perspective you are assuming that your loginmodule is on the same machine/process as jboss-tomcat.
For argument's sake, say loginmodule was a proxy to another loginmodule on another platform. You totally lose portability.
That is not C.O.O.L. ! Bad PolicyContext bad PolicyContext
If PolicyContext was a cat, I wouldn't feed it.
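
The filter-based alternative outlined in reply 2, which touches only the Servlet API and not PolicyContext, could look like the following. This is an added example, not code posted by anyone in the thread; the class name, the two session attribute names and the `loadProfile` helper are hypothetical, and the filter is assumed to be mapped to `/*` in `web.xml`.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class SessionPopulatingFilter implements Filter {

    // Hypothetical attribute names chosen for this example
    static final String PRINCIPAL_ATTR = "example.sessionPrincipalName";
    static final String PROFILE_ATTR = "example.userProfile";

    public void init(FilterConfig config) {}

    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) req;
            Principal principal = request.getUserPrincipal();
            if (principal != null) {
                HttpSession session = request.getSession(true);
                String current = principal.getName();
                // Null means a first login; a different name means a re-login
                // as another user, so beans cached for the old user are replaced.
                if (!current.equals(session.getAttribute(PRINCIPAL_ATTR))) {
                    session.setAttribute(PROFILE_ATTR, loadProfile(current));
                    session.setAttribute(PRINCIPAL_ATTR, current);
                }
            }
        }
        chain.doFilter(req, res);
    }

    // Hypothetical helper: stands in for the database query that fills the beans.
    protected Object loadProfile(String username) {
        return Collections.singletonMap("username", username);
    }
}
```

Keying the cached beans to the principal name means one user's data is never served to a different user who logs in on the same session.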