1 Reply Latest reply on Apr 18, 2013 1:09 PM by cduicu

    Programmatic web authentication with custom security domain on JBoss 7.1.1 Final

    cduicu

      Hi,

      I have seen similar discussions here but I still could not get an answer to my problem. I have a custom login module configured in a security domain which works fine via JNDI. I want to log in from a web application using the same. I think I am missing something in the configuration and I would very much appreciate some help.

       

      Here is the configuration in standalone.xml:

      Realm:

      <security-realm name="MyRealm">
           <authentication>
                <jaas name="AMStub"/>
           </authentication>
      </security-realm>
      
      

       

      Security Domain:

      <security-domain name="AMStub" cache-type="default">
           <authentication>
                <login-module code="com.example.AMStubLoginModule" flag="required" module="com.example"/>
           </authentication>
      </security-domain>
      

       

      I then have a simple web application where I want to implement the authentication programmatically via a filter. Here is web.xml:

       

      <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                version="2.5">
                <display-name>test-web</display-name>
                <servlet>
                          <servlet-name>TestServlet</servlet-name>
                          <servlet-class>com.proto.web.TestServlet</servlet-class>
                          <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet-mapping>
                          <servlet-name>TestServlet</servlet-name>
                          <url-pattern>/test/</url-pattern>
                </servlet-mapping>
      
                <servlet>
                          <servlet-name>SecurityServlet</servlet-name>
                          <servlet-class>com.proto.web.SecurityServlet</servlet-class>
                          <load-on-startup>1</load-on-startup>
                </servlet>
                <servlet-mapping>
                          <servlet-name>SecurityServlet</servlet-name>
                          <url-pattern>*.auth</url-pattern>
                </servlet-mapping>
      
                <filter>
                          <filter-name>SecurityFilter</filter-name>
                          <filter-class>com.proto.web.ServletSecurityFilter</filter-class>
                          <init-param>
                                    <param-name>login_page</param-name>
                                    <param-value>/loginForm.jsp</param-value>
                          </init-param>
                </filter>
                <filter-mapping>
                          <filter-name>SecurityFilter</filter-name>
                          <servlet-name>TestServlet</servlet-name>
                </filter-mapping>
      </web-app>
      

       

      I also have a jboss-web.xml in WEB-INF directory with this content:

      <jboss-web>
        <security-domain>AMStub</security-domain>
      </jboss-web>
      

       

      In the ServletSecurityFilter the code looks like this:

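      // ... (earlier code omitted in the original post)
      String userId = request.getParameter("j_username");
      String passwd = request.getParameter("j_password");
      try {
           // Container-managed programmatic login (Servlet 3.0 API)
           request.login(userId, passwd);
           logger.info("user " + userId + " logged in successfully");
           // ... (omitted in the original post)
      } catch (ServletException e) {
           logger.info("failed authenticating user " + userId, e);
      }
      // ... (remaining code omitted in the original post)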
      

       

      But at runtime I get the following exception:

      09:43:24,483 INFO  [com.sigma.proto.web.SecurityServlet] (http--127.0.0.1-8080-1) failed authenticating user test: javax.servlet.ServletException: No authenticator available for programmatic login
                at org.apache.catalina.connector.Request.login(Request.java:3254) [jbossweb-7.0.13.Final.jar:]
                at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1082) [jbossweb-7.0.13.Final.jar:]
                at com.proto.web.SecurityServlet.processRequest(SecurityServlet.java:71) [classes:]
                at com.proto.web.SecurityServlet.doPost(SecurityServlet.java:41) [classes:]
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]
      

       

      NOTE: Although it says that the question is assumed answered, it is not .... I just don't know how to revert that.

        • 1. Re: Programmatic web authentication with custom security domain on JBoss 7.1.1 Final
          cduicu

          I got this working, although the solution is rather strange to me. The fix was in the web.xml:

           

          <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
                    version="2.5">
                    <display-name>test-web</display-name>

                    <servlet>
                              <servlet-name>TestServlet</servlet-name>
                              <servlet-class>com.proto.web.TestServlet</servlet-class>
                              <load-on-startup>1</load-on-startup>
                    </servlet>
                    <servlet-mapping>
                              <servlet-name>TestServlet</servlet-name>
                              <url-pattern>/test/</url-pattern>
                    </servlet-mapping>

                    <servlet>
                              <servlet-name>SecurityServlet</servlet-name>
                              <servlet-class>com.proto.web.SecurityServlet</servlet-class>
                              <load-on-startup>1</load-on-startup>
                    </servlet>
                    <servlet-mapping>
                              <servlet-name>SecurityServlet</servlet-name>
                              <url-pattern>*.auth</url-pattern>
                    </servlet-mapping>

                    <security-constraint>
                              <web-resource-collection>
                                        <web-resource-name>MyServlet</web-resource-name>
                                        <url-pattern>*.whatever</url-pattern>
                              </web-resource-collection>
                    </security-constraint>

                    <filter>
                              <filter-name>SecurityFilter</filter-name>
                              <filter-class>com.proto.web.ServletSecurityFilter</filter-class>
                              <init-param>
                                        <param-name>login_page</param-name>
                                        <param-value>/loginForm.jsp</param-value>
                              </init-param>
                    </filter>
                    <filter-mapping>
                              <filter-name>SecurityFilter</filter-name>
                              <servlet-name>TestServlet</servlet-name>
                    </filter-mapping>
          </web-app>

           

          Essentially, I created a security constraint that is not mapped to anything real in the application, but this will force JBoss to attach an authenticator to the servlet context.

          Like I said, this is very odd, but it works. Is this a bug in JBoss? Is it supposed to work like this?

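A pre-deployment check for the situation in this thread, as an added example that is not part of the original posts or of JBoss: it reads web.xml and jboss-web.xml and reports (a) a security domain with no `<security-constraint>`, the condition under which the poster saw "No authenticator available for programmatic login", and (b) a constraint with no `<auth-constraint>`, which, like the `*.whatever` workaround, restricts no access by itself. The rule in (a) is an assumption taken from the poster's finding; the function name, finding labels and the trimmed descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """Direct children of elem with the given local name, any namespace."""
    return [c for c in elem if local(c.tag) == name]

def check_descriptors(web_xml, jboss_web_xml):
    """Return findings for a deployment that relies on request.login()."""
    web = ET.fromstring(web_xml)
    jboss = ET.fromstring(jboss_web_xml)
    findings = []
    domains = [c.text.strip() for c in children(jboss, "security-domain") if c.text]
    constraints = children(web, "security-constraint")
    # (a) Assumption from the thread: without any constraint, no authenticator
    # is attached to the web context and request.login() throws.
    if domains and not constraints:
        findings.append("no-authenticator: security-domain %r is set but web.xml "
                        "has no <security-constraint>" % domains[0])
    # (b) A constraint without <auth-constraint> requires no authentication,
    # so access control still depends entirely on the application's filter.
    for sc in constraints:
        if not children(sc, "auth-constraint"):
            patterns = [p.text or "" for wrc in children(sc, "web-resource-collection")
                        for p in children(wrc, "url-pattern")]
            findings.append("placeholder-constraint: %s has no <auth-constraint>"
                            % ", ".join(patterns))
    return findings

# Constructed, trimmed versions of the descriptors quoted in the thread.
JBOSS_WEB = "<jboss-web><security-domain>AMStub</security-domain></jboss-web>"
WEB_BEFORE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.5">
  <servlet-mapping><servlet-name>TestServlet</servlet-name>
    <url-pattern>/test/</url-pattern></servlet-mapping>
</web-app>"""
WEB_AFTER = WEB_BEFORE.replace("</web-app>", """  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyServlet</web-resource-name>
      <url-pattern>*.whatever</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>""")

if __name__ == "__main__":
    for label, doc in (("before", WEB_BEFORE), ("after", WEB_AFTER)):
        print(label, check_descriptors(doc, JBOSS_WEB))
```

The second finding is the practical caveat of the workaround: the authenticator is present, but the container enforces nothing, so `TestServlet` is protected only as long as the filter mapping covers every path that reaches it.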