0 Replies Latest reply on Apr 25, 2014 6:02 AM by musthafahcl

    securitycontext association to session in AS7 -Query




      I am migrating an existing programmatic web login authentication process to the PicketBox module provided by AS7, i.e. picketbox-4.0.19.SP2-redhat-1.jar.

      Below is the code that I am using to get authenticated and to associate.


          public void doPost(HttpServletRequest request, HttpServletResponse response) {
              try {
                  String securityDomainName = "MyJaas";
                  SecurityContext securityContext = SecurityFactory.establishSecurityContext(securityDomainName);

                  // PicketBox authentication starts
                  try {
                      Subject subject = new Subject();
                      Principal principal = getPrincipal("Musthafa");
                      Object credential = new String("pwd");

                      AuthenticationManager am = securityContext.getAuthenticationManager();
                      if (am == null)
                          throw new RuntimeException("Authentication Manager is null");

                      boolean result = am.isValid(principal, credential, subject);
                      if (result == false)
                          throw new RuntimeException("Authentication Failed");

                      System.out.println("result... :" + result); // true
                      System.out.println("subject.getPrincipals().size()... :" + subject.getPrincipals().size()); // 2

                      securityContext.getUtil().createSubjectInfo(principal, credential, subject);

                      System.out.println("Subject info Role :" + securityContext.getSubjectInfo().getRoles()); // null
                      System.out.println("Authenticated Subject :" + securityContext.getSubjectInfo().getAuthenticatedSubject());

                      /* result of above sop
                      01:37:44,247 INFO  [stdout] (http-localhost/ Authenticated Subject :Subject:
                      01:37:44,247 INFO  [stdout] (http-localhost/     Principal: Musthafa
                      01:37:44,247 INFO  [stdout] (http-localhost/     Principal: Roles(members:MyUsers)
                      */
                  } catch (Exception exc) {
                      System.out.println("JAAS Login failed: " + (String) exc.getMessage());
                  }

                  RequestDispatcher dispatcher = request.getRequestDispatcher("action to next page which is welcome.jsp");
                  dispatcher.forward(request, response);
              } catch (ServletException e) {
              } catch (IOException e) {
              } catch (Exception e) {
              }
          }

      After this code is executed, the userPrincipal and roles of the request/session are null.

      The next page to be displayed is under an auth-constraint of "MyUsers" (configured in web.xml), so the application displays the 403 page.

      I am adding roles into the group in MyLoginModule.java.

      Is anything missing to propagate the subject to the request/session? Let me know if any other information is required.
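
For comparison with the approach in the post, an added example (not the poster's code and not from the JBoss project) of programmatic login through the Servlet 3.0 `HttpServletRequest.login` call, where the web container itself performs the authentication and sets the request's user principal and roles. It assumes the web application is mapped to the `MyJaas` security domain in `jboss-web.xml`; the servlet class, URL pattern, form parameter names and `/welcome.jsp` path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: URL pattern, parameter names and target page are assumptions.
@WebServlet("/doLogin")
public class ContainerLoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Discard any session created before authentication so its id is not
        // carried over into the authenticated state, then start a fresh one.
        HttpSession stale = request.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        request.getSession(true);

        try {
            // Servlet 3.0 API: the container validates the credentials against the
            // security domain configured for this web application (assumed: MyJaas).
            request.login(username, password);
        } catch (ServletException e) {
            // Do not reveal whether the user name or the password was wrong.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // getUserPrincipal() and isUserInRole() are now answered by the container.
        if (!request.isUserInRole("MyUsers")) {
            request.logout();
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        response.sendRedirect(request.getContextPath() + "/welcome.jsp");
    }
}
```

Whether the identity is still present on the redirected request depends on the container caching the authenticated principal in the session, which is assumed here.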