2 Replies Latest reply on Apr 16, 2008 9:43 AM by chrlon

Calling LoginContext.login successful but SSO cookie not se

bmcgovern Nov 15, 2006 10:09 AM

Ive gotten SSO to work for jboss portal and a supporting webapp on the same virtual host. But my login routine not only needs to authenticate the user against jboss portals user database, but also pull some information from a supporting database and work with it.

My problem is that I created a login method in my business layer that executes the following code and succesfully returns true of false for my login credentials. It however does not set the SSO cookie and I cannot figure out why not.

Incidently I tested the security constraint and login-config with both BASIC and FORM authentication and it works like a charm. Without changing anything but the login forms action from j_security_check to a MyController, which calls the method below -- it was working fine.

Any help ? Anyone.. Bueller?

Heres the code:
My Authentication Class

public class SSOLogin {
 protected static final Log log = LogFactory.getLog(SSOLogin.class);



 public boolean authenticate(String userid, String password) throws LoginException {
 log.info("SSOLogin.authenticate(String, String) was called.");
 boolean result = false;
 try {
 log.info("SSOLogin.authenticate(String, String) creating LoginContext.");
 LoginContext loginContext = new LoginContext("myauth", new SSOCallbackHandler(userid, password));
 log.info("SSOLogin.authenticate(String, String) executing login.");
 loginContext.login();
 result = true;
 } catch (LoginException e) {
 // A production quality implementation would log this message
 log.info("Exception:: " + e.getMessage());
 result = false;
 throw e;
 }
 log.info("SSOLogin.authenticate(String, String) exiting method - Login was " + result);
 return result;
 }
}

Which depends on a custom callback handler:

public class SSOCallbackHandler implements CallbackHandler {
 protected static final Log log = LogFactory.getLog(SSOCallbackHandler.class);

 private String username;
 private char[] credentials;

 public SSOCallbackHandler(String username, String credentials) {
 super();

 this.username = username;
 this.credentials = credentials.toCharArray();
 }

 public void handle(Callback callbacks[])throws IOException, UnsupportedCallbackException {

 for (int i = 0; i < callbacks.length; i++) {
 if (callbacks instanceof NameCallback) {
 ((NameCallback) callbacks).setName(username);
 }
 else if (callbacks instanceof PasswordCallback) {
 ((PasswordCallback) callbacks).setPassword(credentials);
 } else {
 throw new UnsupportedCallbackException(callbacks);
 }
 }
 }
 }

1. Re: Calling LoginContext.login successful but SSO cookie no

bmcgovern Nov 15, 2006 1:14 PM (in response to bmcgovern)

Maybe I wasnt so clear. I want to be able to programmatically call my login SSO routine and if it passes, set some other non SSO objects in the session.

What is the best way to do this?
Actions
2. Re: Calling LoginContext.login successful but SSO cookie no

chrlon Apr 16, 2008 9:43 AM (in response to bmcgovern)

Waking an old thread...
I've got exactly the same problem, no sso cookie when creating my own login contex (as bmcgovern does) but works when using built in form authentication. I'm probably missing something but can't figure out what it is.

A solution would be most welcome :)

Bmcgovern...did you find a solution?
Actions

Go to original post