Hi
I have created a custom login module, and i want to expose the module options to the web application. For that i am using this approach:
try {
HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
request.getSession().setAttribute("nDevLoginModuleOptions", moduleOptions);
} catch (Exception e) {
log.error("Unable to store the login module options in http session");
log.error(e.getMessage());
}
In a jboss 7.1.2 server i was getting an ClassDefNotFound for PolicyContext; i was looking for a good solution and found some, involving a custom Form Authenticator and some other things; but finally i came up with this:
<module xmlns="urn:jboss:module:1.1" name="com.ndeveloper.security">
<resources>
<resource-root path="ndev-security.jar"/>
</resources>
<dependencies>
<module name="org.picketbox"/>
<module name="javax.api"/>
<module name="org.jboss.logging"/>
<module name="javax.security.jacc.api"/>
<module name="javax.servlet.api"/>
</dependencies>
</module>
As you see, i made my module dependant of javax.security.jacc.api and javax.servlet.api; and now, it works fine
My question is, is there any drawback to this approach ???