1 Reply Latest reply on Jan 28, 2010 10:17 AM by Wolfgang Knauf

    How to update UserPrincipal in servlet?

    Firstname Lastname Newbie

      I have JAAS setup on JBoss 4.2.3 using FormAuthenticator, our custom LoginModule that implements AbstractServerLoginModule and security-constraint on web.xml.  It's all working.

       

      But we have to use a HTML form with j_security fields for username and password.  At times we want to auto login user, which results in adding javascript to submit the form on page load and populating a hidden password field; and we don't like this method.

       

      Googled around I found it's possible to login user using Servlet: for example:

       

      LoginContext lc = new LoginContext("client-login", handler);
      lc.login();

       

      but this login method doesn't persistent across pages unless I add a filter on protected resource to handle it manually.  I don't want to do that.

       

      I guess is once I log user in in servlet, I have to update something (maybe UserPrincipal or LoginContext?) to let JBoss knows that user has been authenticated. So security-constraints are properly applied to the rest of the session.  Is this correct?  What do I have to do?