2 Replies Latest reply on Mar 12, 2007 2:09 PM by anil.saldhana

    How to capture HttpSession expire event - JAAS with JBoss

    vakuthota Nov 10, 2006 4:51 PM

      When an HTTP session expires and the client makes a request to any secured resource, the JAAS subject will not be found for authorization. At this point, the security framework creates a new HTTP session, stores the target URL value in the session, and then redirects the user to the login page. After a successful login process, the user is forwarded back to the target page.

      But i want to redirect to the specific page....how can i achieve this ??

      In Weblogic to achieve this weblogic.servlet.security.AuthFilter abstract class, as part of the WebLogic Server security API, provides hooks into the internal workings of the WebLogic JAAS Framework.

      It has the following methods to acheive it. i.e.,


      /** Called just before Authentication and Authorization occurs in the Web Application. */

public void doPreAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)

/** Called just after Authentication and Authorization occurs in the Web Application, if the process was a success. */

public boolean doSuccessAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)

/** Called just after Authentication and Authorization occurs in the WebApplication, if the process was a failure. */

public void doFailAuth(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res)


      By implementing AuthFilter we can capture this.

      But i did not find a way to capture this in JBoss security API ??
      How can we do this...

      Appreciate your suggestion.

      • 49446 Views
      • Tags: