1 Reply Latest reply on Jan 28, 2010 10:17 AM by Wolfgang Knauf

    How to update UserPrincipal in servlet?

    Firstname Lastname Newbie

      I have JAAS set up on JBoss 4.2.3 using FormAuthenticator, our custom LoginModule that implements AbstractServerLoginModule, and a security-constraint in web.xml. It's all working.


      But we have to use an HTML form with j_security fields for username and password. At times we want to auto-login the user, which results in adding JavaScript to submit the form on page load and populating a hidden password field, and we don't like this method.


      Googling around, I found it's possible to log the user in using a servlet, for example:


      LoginContext lc = new LoginContext("client-login", handler);


      but this login method doesn't persist across pages unless I add a filter on the protected resource to handle it manually. I don't want to do that.


      My guess is that once I log the user in in the servlet, I have to update something (maybe UserPrincipal or LoginContext?) to let JBoss know that the user has been authenticated, so that security-constraints are properly applied to the rest of the session. Is this correct? What do I have to do?