1 Reply Latest reply on May 22, 2008 4:09 PM by Richard Richter

    Possible action before JAAS athentication?

    Richard Richter Newbie

      I use JAAS login module to authenticate users against LDAP - and it works fine with:


      <security:identity jaas-config-name="ldapConfig"/>
      



      Is it possible to call some method before my login module is called? The reason is that LDAP users are indeed the source for authentication, but not all users in LDAP are actual users of the application and I'd like to check DB table with users before trying to log in against LDAP in case that the person from ldap is not really the user of our application.


      In case there is no pre-authenticate way, what is the right way to do this?

        • 1. Re: Possible action before JAAS athentication?
          Richard Richter Newbie

          OK, it wasn't easy to Google it but after few iterations it wasn't that hard to implement simple method:


               @Observer(Identity.EVENT_PRE_AUTHENTICATE)
               public void checkUserInDb() throws PreAuthException {
                    if (em.createQuery("select u from User u where u.login=#{identity.username}").getResultList().size() == 0) {
                         throw new PreAuthException();
                    }
               }
          



          And in pages.xml:


               <exception class="sk.bgs.controlling.web.action.PreAuthException">
                    <redirect view-id="/login.xhtml">
                         <message severity="warn">Login failed</message>
                    </redirect>
               </exception>
          



          This caused that user missing in DB resulted into the same effect like wrong name/password test against LDAP.


          I originally tried to use NotLoggedInException, but I wasn't able to catch it and redirect in pages.xml - I always ended on debug page. Don't know why because examples of pages.xml with NotLoggedInException are very often. ;-)