0 Replies Latest reply on Nov 8, 2012 6:13 PM by Jose Miguel Loor

    Accessing the HttpServletRequest in a Custom Login Module

    Jose Miguel Loor Apprentice



      I have created a custom login module, and i want to expose the module options to the web application. For that i am using this approach:


      try {

           HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext("javax.servlet.http.HttpServletRequest");

           request.getSession().setAttribute("nDevLoginModuleOptions", moduleOptions);

                          } catch (Exception e) {

           log.error("Unable to store the login module options in http session");




      In a jboss 7.1.2 server i was getting an ClassDefNotFound for PolicyContext; i was looking for a good solution and found some, involving a custom Form Authenticator and some other things; but finally i came up with this:


      <module xmlns="urn:jboss:module:1.1" name="com.ndeveloper.security">


          <resource-root path="ndev-security.jar"/>



          <module name="org.picketbox"/>

          <module name="javax.api"/>

          <module name="org.jboss.logging"/>

          <module name="javax.security.jacc.api"/>

          <module name="javax.servlet.api"/>




      As you see, i made my module dependant of javax.security.jacc.api and javax.servlet.api; and now, it works fine


      My question is, is there any drawback to this approach ???