Communicating Return Codes from a Custom Login Module
david_b Jul 17, 2012 8:26 PM
Hi all,
I'm using a custom login module on JBoss AS 6 to support account locking after too many failed login attempts. If login fails due to a locked account I'd like to communicate this back to the Servlet to display a "your account is locked" message to the user.
Unfortunately sending return codes from the module back to the servlet is proving difficult. I'm attempting to set an attribute on the session in the login module and retrieve this in the servlet, but the attribute is never present.
Any idea why the session attribute isn't available? Is there a better way to communicate return codes back from a custom login module?
My login module code:
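    import javax.security.auth.login.AccountLockedException;
    import javax.security.auth.login.LoginException;
    import javax.security.jacc.PolicyContext;
    import javax.security.jacc.PolicyContextException;
    import javax.servlet.http.HttpServletRequest;
    import org.jboss.security.auth.spi.DatabaseServerLoginModule;

    public class LockingDatabaseServerLoginModule extends DatabaseServerLoginModule {

        @Override
        public boolean login() throws LoginException {
            String[] info = getUsernameAndPassword();
            String username = info[0];

            if( isAccountLocked( username ) ) {
                // Add locked attribute to the session object
                HttpServletRequest request;
                try {
                    request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
                    request.setAttribute("accountlocked", true);
                } catch (PolicyContextException e) {
                    e.printStackTrace();
                }
                throw new AccountLockedException();
            }
            /* snip */
        }
    }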
My servlet code:
    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class LoginServlet extends HttpServlet {

        public void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            String username = request.getParameter("j_username").toLowerCase();
            String password = request.getParameter("j_password");
            try {
                request.login(username, password);
            } catch (ServletException e) {
                // Check the locked attribute on the session
                Object attrib = request.getSession().getAttribute("accountlocked");
                // ***attrib is always null at this point***
            }
            /* snip */
        }
    }
Any help would be greatly appreciated.
Thanks
Dave
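Added example, not part of the original post and not JBoss project code: the module above writes "accountlocked" with request.setAttribute (request scope) while the servlet reads it with getSession().getAttribute (session scope), and the Servlet API keeps those as separate attribute maps. The sketch below writes and reads the same request scope. It assumes the container's JACC handler returns the request the servlet is processing; the attribute key, the isAccountLocked stub, the redirect target and /login.jsp are hypothetical.

```java
// Added example (not the poster's code); assumes JACC returns the servlet's request.
import java.io.IOException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.jboss.security.auth.spi.DatabaseServerLoginModule;

class LockingLoginModule extends DatabaseServerLoginModule {
    static final String REASON_ATTR = "login.failure.reason"; // hypothetical key
    @Override
    public boolean login() throws LoginException {
        String username = getUsernameAndPassword()[0];
        if (isAccountLocked(username)) {
            flag("locked");
            throw new AccountLockedException("account locked");
        }
        return super.login();
    }
    private void flag(String reason) {
        try {
            HttpServletRequest req = (HttpServletRequest)
                PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            if (req != null) req.setAttribute(REASON_ATTR, reason); // request scope
        } catch (PolicyContextException e) {
            // No web request in this context (e.g. a non-web login): nothing to flag.
        }
    }
    // Stand-in for the poster's lookup, which the post does not show.
    protected boolean isAccountLocked(String username) { return false; }
}

class LoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            request.login(request.getParameter("j_username"), request.getParameter("j_password"));
            response.sendRedirect(request.getContextPath() + "/"); // hypothetical landing page
        } catch (ServletException e) {
            // Read from the same scope the module wrote to: request, not session.
            Object reason = request.getAttribute(LockingLoginModule.REASON_ATTR);
            request.setAttribute("loginError", "locked".equals(reason) ? "locked" : "failed");
            request.getRequestDispatcher("/login.jsp").forward(request, response); // hypothetical view
        }
    }
}
```

A distinct "locked" response tells an unauthenticated client that the username exists, so rate-limit the endpoint or fold both outcomes into one generic message where account enumeration matters.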