0 Replies Latest reply on Aug 23, 2006 6:11 AM by atamur

    explicit authentication via JAAS in a web app

    atamur

      1. I don't need declarative security, because our application is ajax based
      2. I need JAAS, because I'd like to use it with ejb
      3. The only option I see (setting aside some perverse methods including servlets, redirects and j_security_check) is to do login stuff manually.

      So, now I'm struggling to implement a method:

      void authenticateUser(HttpServletRequest, long userId, String role)

      that should bind current user session to some principle with given userId and role. User and password are already tested against DB and authorized. Now I need JAAS to know about this.

      As far as I understand, I cannot use stuff like this in a servlet
      LoginContext lc = null;
      lc = new LoginContext("Sample", new MyCallbackHandler());
      lc.login();


      Can some one help me?

      PS there is a lot of legacy code, so I really cannot use FORM base authentication as my primary method of authentication