1 Reply Latest reply on Jan 28, 2010 10:17 AM by wolfgangknauf

    How to update UserPrincipal in servlet?

    epic4826

      I have JAAS set up on JBoss 4.2.3 using FormAuthenticator, our custom LoginModule that implements AbstractServerLoginModule, and a security-constraint in web.xml. It's all working.

       

      But we have to use an HTML form with j_security fields for username and password. At times we want to auto-login the user, which results in adding JavaScript to submit the form on page load and populating a hidden password field, and we don't like this method.

       

      Googling around, I found it's possible to log a user in using a servlet, for example:

       

      LoginContext lc = new LoginContext("client-login", handler);
      lc.login();

       

      but this login method doesn't persist across pages unless I add a filter on the protected resource to handle it manually. I don't want to do that.

       

      My guess is that once I log the user in in the servlet, I have to update something (maybe UserPrincipal or LoginContext?) to let JBoss know that the user has been authenticated, so that security-constraints are properly applied for the rest of the session. Is this correct? What do I have to do?