2 Replies Latest reply on Jan 29, 2010 5:03 PM by sebastianmohan

    Receiving session object in loginModule

    maximm Dec 16, 2009 4:27 AM

      Hi, All!

       

      I've implemented my own login module which extends org.jboss.security.auth.spi.UsernamePasswordLoginModule. It works fine doing all check and login stuff.

       

      But is there any way to notify my web part which is using the Form based authentication about type of error which has occured in login module?

       

      And can I get access to HttpRequest, HttpResponse objects or even directly to HttpSession from my login module?

      • 3591 Views
      • Tags:
        • 1. Re: Receiving session object in loginModule
          atijms
          atijms Jan 29, 2010 11:25 AM (in response to maximm)

          I was wondering about the same thing.

           

          Maybe you could simply use FacesContext.getCurrentInstance()... if the login was to take place within a Faces context?

           

          Otherwise you might try some of the classes in the org.jboss.web package, e.g. SecurityAssociationValve.activeRequest.get(); for the request and request.getSessionInternal(false); on the result of that to get the session.

            • Actions
          • 2. Re: Receiving session object in loginModule
            sebastianmohan
            sebastianmohan Jan 29, 2010 5:03 PM (in response to atijms)

            I am not sure if this is the clean way of obtaining the HTTPServletRequest from the custom LoginModule. This should work

             

            HttpServletRequest request = (HttpServletRequest) javax.security.jacc.PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

              • Actions