Error stack:

org.hibernate.HibernateException: Unable to locate current JTA transaction
 at org.hibernate.context.JTASessionContext.currentSession(JTASessionContext.java:61)
 at org.hibernate.impl.SessionFactoryImpl.getCurrentSession(SessionFactoryImpl.java:542)
 at org.jboss.portal.identity.db.HibernateUserModuleImpl.getCurrentSession(HibernateUserModuleImpl.java:291)
 at org.jboss.portal.identity.db.HibernateUserModuleImpl.findUserByUserName(HibernateUserModuleImpl.java:91)

Thanks folks, but I am not making this call in a portlet. I am trying to authenticate the user WITHOUT using the Out-of-the-box FORM-based authentication and as part of these changes, I've disabled FORM-based authentication, created a new servlet that does the authentication and a redirect based on the user's original request.

So, I need to get a handle to the UserModule (and therefore, the user) outside the scope of a JBoss portlet. How can I accomplish this? Thanks very much for your help.

ok, i think i found it. i am doing it programmatically using the JBossTransactionManagerLookup.getTransactionManager() API.

While this works, and I am able to explicitly set the "portal.principal" session attribute to a HashMap that contains the Portal User object, I am still not able to get past the main issue which is JBoss Portal not finding the principals though the user has been authenticated.

The only thing to note here is that there are 2 applications here, and the session contexts are different.

Thanks Sohil. Yes, this is exactly what I am doing (I also tried using the JBoss TransactionManager class directly, and that worked too). Now, I am able to explicitly set the "portal.principal" session attribute to this user but like I mentioned earlier, it still doesn't help.

The principals are not set by JBoss Portal and therefore, I can't access the portal. Authentication is done using a custom security realm and all of it goes through fine but for some reason, it doesn't find the principals.

If you could suggest a way to set the principals manually after doing the authentication, that would be immensely helpful. Thanks.

- krish

"So in your case I would recommend using a Tomcat Valve to process your authentication and set up the Subjects the way JAAS does it inside Tomcat. "

Is this my ONLY option? I am not familiar with either how Tomcat valves work, or how subjects are set inside Tomcat, so it might be a little painful to get this done in a day or so :(

"btw- why can't you re-use JBoss Portal's JAAS mechanism and just plug in your own LoginModule for your application specific authentication logic? "

Could you elaborate on this? I've implemented a number of custom login modules that are stacked. I was able to authenticate the users against this security realm SO LONG as I used container managed authentication and j_security_check. Everything worked fine. But, I need to move away from that and explicitly initialize the LoginContext (using the same security realm) due to some other reason and that is where things are not working.

If there is a simple way to move away from container managed FORM-based authentication for JBoss Portal and invoke the security realm explicitly, keeping everything else the same, that would work perfect for me.

"sohil.shah@jboss.com" wrote:
to integrate with the JAAS security realm, your best bet/cleanest solution would be to write your own Tomcat Authenticator (which is actually a form of Tomcat Valve)

Authenticators are actually pretty simple in tomcat and best source of "How To" is the tomcat source code and see how the existing Authenticators like Form, basic, etc are written.

You should be able to write your own looking at that.


On the otherhand, I don't know what your authentication requirements are but most of the times LoginModules are able to create application state just fine. You have access to the HttpServletRequest, HttpServletResponse, and HttpSession inside your LoginModule, so what other objects do you need to populate/setup the proper LoginContext for your application?

Thanks