5 Replies Latest reply on Sep 20, 2001 4:12 PM by pitdingo

    three parameter login with JAAS

    pitdingo

      I am really stuck here. I have a requirement to have three parameters on the login page. I have not seen anything anywhere on the web that has an example of how to do this; everything is just a simple user name and password combination.

      It seems to me I should be able to have a Servlet that uses JAAS and somehow calls into JBoss to say this is either a valid or invalid client. But how to do this is totally not clear.

        • 1. Re: three parameter login with JAAS
          starksm64

          One simple solution is to simply concatenate the password and SSN and have a custom login module validate the combined password by validating the pieces.
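
A sketch of the approach suggested in reply 1, added here as an example; it is not code from the thread or from JBoss. The class name, the `|` delimiter, the nine-digit SSN format and the two lookup helpers are assumptions, and the stored values are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: the client submits "<password>|<ssn>" as the single JAAS password.
public class CombinedSecretLoginModule implements LoginModule {
    private static final char SEP = '|';   // assumed delimiter, not from the thread
    private CallbackHandler handler;
    private boolean succeeded;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        this.handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password|ssn: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        char[] raw = pc.getPassword();
        pc.clearPassword();
        String combined = raw == null ? "" : new String(raw);
        // Split on the LAST separator: the SSN is digits only, so a password containing '|' still parses.
        int cut = combined.lastIndexOf(SEP);
        if (cut < 0) throw new FailedLoginException("login failed");
        String password = combined.substring(0, cut);
        String ssn = combined.substring(cut + 1);
        // Non-short-circuit '&': check every piece, and report one generic failure for all cases.
        boolean ok = ssn.matches("\\d{9}")
                & same(password, expectedPassword(nc.getName()))
                & same(ssn, expectedSsn(nc.getName()));
        if (!ok) throw new FailedLoginException("login failed");
        succeeded = true;
        return true;
    }

    private static boolean same(String a, String b) {   // comparison via MessageDigest.isEqual
        return b != null && MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }
    // Placeholder lookups with constructed values; a real module would query the user store.
    private String expectedPassword(String user) { return "java".equals(user) ? "s3cret" : null; }
    private String expectedSsn(String user) { return "java".equals(user) ? "123456789" : null; }

    public boolean commit() { return succeeded; }   // a real module adds Principals to the Subject here
    public boolean abort() { succeeded = false; return true; }
    public boolean logout() { succeeded = false; return true; }
}
```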

          • 2. Re: three parameter login with JAAS
            pitdingo

            Have a hidden j_password field and have JavaScript combine the two? Possibly...

            But what if I had a drop-down on the login page where the user could choose the system they were logging into... I need access to the HttpServletRequest object to be really flexible and to invoke the login method on the LoginContext manually from a Servlet. I tried that and although it says I am authenticated, JBoss challenges me when I try to access a protected resource. That would give me full control over the Authentication process.

            The current model of authentication is not flexible enough. Can anyone come up with an example of why one should not be allowed to manually authenticate via the login method from a Servlet? Wouldn't that be the same as a client app invoking a login? It seems to me it should be.


            • 3. Re: three parameter login with JAAS
              starksm64

              Nothing prevents you from doing a JAAS login from within your servlet code. See org.jboss.test.web.servlets.ClientLoginServlet for an example.

              • 4. Re: three parameter login with JAAS
                pitdingo

                I tried a variation of that and it does not work.

                I have a login form call a LoginServlet that does the login process. I see the "[Default] User 'java' authenticated." come up in the command window and do a sendRedirect( "index.html" ) which I have secured in my web.xml file. I then get prompted to log in again!

                If I change the login form to not use my LoginServlet and submit to 'j_security_check', it works. Same LoginModule mind you.

                So why doesn't the server recognize that I have been authenticated?

                • 5. Re: three parameter login with JAAS
                  pitdingo

                  Any ideas?