sorry, i am not use the version2.4.0
I used the version 2.2.0, what class does j_security_check called?I still confused how does it called class, use "j_security_check". becaues there is not the word match "j_security_check".

Hi sohik.shah,

After read mateials about JAAS. I know how the security framwork works in the JBoss server. But I still confused that how "j_security_check" called the classs work, is the name of "j_security_check" have some rules? For I did not find another "j_security_check" in the configure file or other security file. So can you tell me , how it works? Thanks!

Hi all,

I use the version 2.2.0 and the Login is handle by org.jboss.portal.core.security.jaas.ModelLoginModule.
the code is :

public class ModelLoginModule
extends UsernamePasswordLoginModule
{

protected String userModuleJNDIName;
protected String additionalRole;
protected String havingRole;

public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);

// Get data
userModuleJNDIName = (String)options.get("userModuleJNDIName");
additionalRole = (String)options.get("additionalRole");
havingRole = (String)options.get("havingRole");

// Some info
log.trace("userModuleJNDIName = " + userModuleJNDIName);
log.trace("additionalRole = " + additionalRole);
log.trace("havingRole = " + havingRole);
}

private UserModule userModule;

protected UserModule getUserModule() throws NamingException
{
if (userModule == null)
{
userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
}
return userModule;
}

protected String getUsersPassword() throws LoginException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
String password = (String)Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(getUsername());
if (havingRole == null || user.getRoleNames().contains(havingRole))
{
return user.getPassword();
}
else
{
return null;
}
}
catch (NoSuchUserException e)
{
return null;
}
catch (Exception e)
{
throw new LoginException(e.toString());
}
}
});

// Returning null as password is enough to veto the login
return password;
}
catch (Exception e)
{
Throwable cause = e.getCause();
throw new LoginException(cause.toString());
}
}

protected Group[] getRoleSets() throws LoginException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (Group[])Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(getUsername());
Set roleNames = user.getRoleNames();

//
Group rolesGroup = new SimpleGroup("Roles");

//
if (additionalRole != null)
{
rolesGroup.addMember(createIdentity(additionalRole));
}

//
for (Iterator iterator = roleNames.iterator(); iterator.hasNext();)
{
String roleName = (String)iterator.next();
try
{
Principal p = createIdentity(roleName);
rolesGroup.addMember(p);
}
catch (Exception e)
{
log.debug("Failed to create principal " + roleName, e);
}
}

//
return new Group[]{rolesGroup};
}
catch (Exception e)
{
throw new LoginException(e.toString());
}
}
});
}
catch (Exception e)
{
Throwable cause = e.getCause();
throw new LoginException(cause.toString());
}
}
}

How does it login, I still confused. and how does the page forward? do not have the portlet control it.
could you explain that to me? Thanks very much!