SecurityContext association to session in AS7 - Query
musthafahcl Apr 25, 2014 6:02 AM
Hi,
I am migrating an existing programmatic web login authentication process to the PicketBox module provided by AS7, i.e. picketbox-4.0.19.SP2-redhat-1.jar.
Below is the code that I am using to get authenticated and to associate:
    public void doPost(HttpServletRequest request, HttpServletResponse response) {
        try {
            String securityDomainName = "MyJaas";
            SecurityContext securityContext = SecurityFactory.establishSecurityContext(securityDomainName);
            // Picket box Authentication starts
            SecurityFactory.prepare();
            try {
                Subject subject = new Subject();
                Principal principal = getPrincipal("Musthafa");
                Object credential = new String("pwd");
                AuthenticationManager am = securityContext.getAuthenticationManager();
                if (am == null)
                    throw new RuntimeException("Authentication Manager is null");
                boolean result = am.isValid(principal, credential, subject);
                if (result == false)
                    throw new RuntimeException("Authentication Failed");
                System.out.println("result... :" + result); // true
                System.out.println("subject.getPrincipals().size()... :" + subject.getPrincipals().size()); // 2
                securityContext.getUtil().createSubjectInfo(principal, credential, subject);
                System.out.println("UserPrincipal" + securityContext.getUtil().getUserPrincipal()); // Musthafa
                System.out.println("Subject info Role :" + securityContext.getSubjectInfo().getRoles()); // null
                System.out.println("Authenticated Subject :" + securityContext.getSubjectInfo().getAuthenticatedSubject());
                /* result of above sop
                01:37:44,247 INFO [stdout] (http-localhost/127.0.0.1:8080-1) Authenticated Subject :Subject:
                01:37:44,247 INFO [stdout] (http-localhost/127.0.0.1:8080-1) Principal: Musthafa
                01:37:44,247 INFO [stdout] (http-localhost/127.0.0.1:8080-1) Principal: Roles(members:MyUsers)
                */
                SecurityContextAssociation.setSecurityContext(securityContext);
            } catch (Exception exc) {
                exc.printStackTrace();
                System.out.println("JAAS Login failed: " + (String) exc.getMessage());
            }
            RequestDispatcher dispatcher = request.getRequestDispatcher("action to next page which is welcome.jsp");
            dispatcher.forward(request, response);
        } catch (ServletException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
After this code is executed, the userPrincipal and roles of the request/session variable are null.
The next page to be displayed is under an auth-constraint of "MyUsers" (configuration in web.xml), so the application displays a 403 page.
I am adding roles into the group in MyLoginModule.java.
Is anything missing to propagate the subject to the request/session? Let me know if any other info is required.
Thanks
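
An added example, not part of the original post and not code from the poster or from PicketBox: the Servlet 3.0 container-managed route, `HttpServletRequest.login`, which is the standard API that establishes the caller identity on the request itself. It assumes the web application is already bound to the "MyJaas" security domain in its deployment descriptor and that the container keeps the authenticated principal in the existing session; the servlet name, URL pattern and the `username`/`password` parameter names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;

// Added example: hypothetical servlet; URL pattern and parameter names are assumptions.
@WebServlet("/programmaticLogin")
public class ProgrammaticLoginServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Discard any pre-login session so a session id issued before
        // authentication is not carried over (session fixation).
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true);
        try {
            // The container validates the credentials against the realm
            // configured for this web application; on success the request's
            // getUserPrincipal()/isUserInRole() reflect the caller.
            request.login(username, password);
        } catch (ServletException e) {
            // Fail closed: nothing protected is served, no credentials are logged.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Role name taken from the auth-constraint described in the post.
        log("principal=" + request.getUserPrincipal()
                + " inMyUsers=" + request.isUserInRole("MyUsers"));
        // Redirect so the protected page arrives as a new client request and
        // the container evaluates its auth-constraint against the session.
        response.sendRedirect(request.getContextPath() + "/welcome.jsp");
    }
}
```

`login` throws `ServletException` both for bad credentials and when the request already carries an authenticated identity, so a caller that may already be logged in needs `request.logout()` first.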