5 Replies Latest reply on Oct 4, 2011 9:53 AM by mmoyses

ExtendedFormAuthenticator in JBoss 7?

gregcharles Sep 26, 2011 10:09 PM

I'm porting a legacy application from JBoss 4.2.3 to JBoss 7 (the web profile version). They used a custom login module and used a valve to capture the login failure reason into j_exception. They did this by putting context.xml into the web-inf directory of the war, with the following contents:

<!-- Add the ExtendedFormAuthenticator to get access to the username/password/exception ->

<Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"

includePassword="true" ></Valve>

</Context>

The login is working for me, but not that valve. When there's a login exception, the j_exception is still empty and the logic that depends on analyzing why the login was rejected fails. According to this link: http://community.jboss.org/wiki/ExtendedFormAuthenticator, everything looks right. However that link is very old, and it's possible things have changed since then. What's the new way?

Cross-posted at: http://stackoverflow.com/questions/7563095/extendedformauthenticator-in-jboss-7

1. Re: ExtendedFormAuthenticator in JBoss 7?

jaikiran Sep 26, 2011 11:45 PM (in response to gregcharles)

Check the last section (on valves) here http://community.jboss.org/wiki/JBossAS7SecurityDomainModel
1 of 1 people found this helpful
Actions
2. Re: ExtendedFormAuthenticator in JBoss 7?

gregcharles Sep 27, 2011 1:59 PM (in response to jaikiran)

Thanks Jaikiran, that worked! At least it worked in the sense that JBoss now recognizes I'm telling it to use a valve. Now the problem is:

09:55:25,827 ERROR [org.jboss.as.web.deployment.JBossContextConfig] (MSC service thread 1-1) Error instantiating contain
er component: org.jboss.web.tomcat.security.ExtendedFormAuthenticator: java.lang.ClassNotFoundException: org.jboss.web.t
omcat.security.ExtendedFormAuthenticator from [Module "deployment.xxx.ear.xxxxxxx.war:main" from Service Modu
le Loader]

I used that isocra jar searcher tool, and determined that JBoss no longer has the ExtendedFormAuthenticator class. Has it been renamed, or replaced by something?
Actions
3. Re: ExtendedFormAuthenticator in JBoss 7?

mmoyses Sep 27, 2011 2:48 PM (in response to gregcharles)

Yeah, the class in not there because we didn't port it to AS7. I will try to do it this week: https://issues.jboss.org/browse/AS7-1963
Actions
4. Re: ExtendedFormAuthenticator in JBoss 7?

gregcharles Sep 27, 2011 3:31 PM (in response to mmoyses)

Thanks Marcus! If you need a volunteer to test it, ping on me.
Actions
5. Re: ExtendedFormAuthenticator in JBoss 7?

mmoyses Oct 4, 2011 9:53 AM (in response to gregcharles)

The ExtendendFormAuthenticator has been ported to AS7. You can test it by checking out the latest version for github.
Add

<valve>
    <class-name>org.jboss.as.web.security.ExtendedFormAuthenticator</class-name>
    <param>
       <param-name>includePassword</param-name>
       <param-value>true</param-value>
    </param>
</valve>

to jboss-web.xml to use it.
Actions

Go to original post