8 Replies Latest reply on Feb 20, 2002 3:12 AM by mike3

    Manual Servlet login failure

    pitdingo

      If I do a manual login from a servlet, I can see from my debug println statements that my user was authenticated. However, if I do a request.getCallerPrincipal() on the next page, it returns NULL.

      Shouldn't there have been a Principal object created when I logged in successfully?

        • 1. Re: Manual Servlet login failure
          starksm64

          Post the testcase code.

          • 2. Re: Manual Servlet login failure
            pitdingo


            I call this twice, once to log in, then again to see the Principal object.

            package org.jboss.docs.jaas.howto;

            import java.io.IOException;
            import java.io.PrintWriter;
            import java.security.Principal;
            import javax.servlet.ServletException;
            import javax.servlet.http.HttpServlet;
            import javax.servlet.http.HttpServletRequest;
            import javax.servlet.http.HttpServletResponse;
            import javax.security.auth.Subject;
            import javax.security.auth.login.LoginContext;
            import javax.security.auth.login.LoginException;

            // AppCallbackHandler (same package) is the name/password CallbackHandler from the
            // JBoss JAAS howto. Session/SessionHome are only needed if callEcho() is re-enabled,
            // and the javax.naming imports were unused, so they are dropped here.

            public class LoginServlet extends HttpServlet
            {
                // Shared by every request to this servlet instance: fine for a one-user test,
                // but it is not per-session state.
                private boolean firstTime = true;

                protected void processRequest( HttpServletRequest request, HttpServletResponse response )
                    throws ServletException, IOException
                {
                    //---call this servlet two times just for testing purposes
                    if( firstTime )
                    {
                        String alias = request.getParameter( "alias" );
                        String username = request.getParameter( "j_username" );
                        String password = request.getParameter( "j_password" );

                        // debug output only; the password line must not survive into anything deployed
                        System.out.println( "...alias= " + alias );
                        System.out.println( "...userName= " + username );
                        System.out.println( "...password= " + password );

                        try
                        {
                            AppCallbackHandler handler = new AppCallbackHandler( username, password.toCharArray() );
                            LoginContext lc = new LoginContext( "example1", handler );
                            System.out.println( "....Created LoginContext" );
                            lc.login();

                            //this.callEcho( request, response );

                            // The Subject is held by this LoginContext; nothing here hands it to the web container.
                            Subject subject = lc.getSubject();
                            System.out.println( "....subject= " + subject );

                            //response.sendRedirect( "index.html" );
                        }
                        catch( LoginException le )
                        {
                            System.out.println( "....Login failed" );
                            le.printStackTrace();
                            response.sendRedirect( "LoginForm.html" );
                            return;   // the response is committed by the redirect; do not write HTML after it
                        }

                        firstTime = false;
                    }

                    response.setContentType( "text/html" );
                    PrintWriter out = response.getWriter();
                    out.println( "<html>" );
                    out.println( "<head><title>Just logged in....</title></head>" );
                    out.println( "<body><h1>Logged in...</h1>" );
                    out.println( "<pre>" );

                    Principal principal = request.getUserPrincipal();
                    if( principal != null )
                    {
                        out.println( "request.getUserPrincipal().getName()= " + principal.getName() );
                        out.println( "request.isUserInRole( 'echo' )= " + request.isUserInRole( "echo" ) );
                        out.println( "request.isUserInRole( 'Echo' )= " + request.isUserInRole( "Echo" ) );
                    }
                    else
                    {
                        out.println( "-----> request.getUserPrincipal() was NULL!!!" );
                    }

                    out.println( "</pre></body></html>" );
                    out.close();
                }

                protected void doGet( HttpServletRequest request, HttpServletResponse response )
                    throws ServletException, IOException
                {
                    processRequest( request, response );
                }

                protected void doPost( HttpServletRequest request, HttpServletResponse response )
                    throws ServletException, IOException
                {
                    processRequest( request, response );
                }
            }



            • 3. Re: Manual Servlet login failure
              pitdingo

              Scott, any news?

              • 4. Re: Manual Servlet login failure
                pitdingo

                I just tried JBoss 2.4.2 and it is the same thing. request.getCallerPrincipal() is null after I successfully do a login().

                • 5. Re: Manual Servlet login failure
                  p_d_austin

                  What you are doing here is not actually logging in to the web container; you are only logging in on the current thread to access EJBs. If you want to log in to the web container and keep it between sessions, you must log in via the servlet j_security_check with j_username and j_password. The following should do this from within a servlet.

                  // ServletContext.getRequestDispatcher() takes a context-relative path that must start with "/";
                  // without the slash the container rejects the path and the include cannot run.
                  String path = new StringBuffer("/j_security_check?j_username=").append(username).append("&j_password=").append(password).toString();
                  getServletConfig().getServletContext().getRequestDispatcher(path).include(request, response);

                  And then redirect to the page you want the user to see.

                  Paul

                  • 6. Re: Manual Servlet login failure
                    pitdingo


                    I need to be able to control the entire login process, as I have more than the simple two-value authentication mechanism that the inflexible j_security_check allows.

                    I need a mechanism to allow for 'n' authentication values through a web browser. I don't understand why the container does not contain a Principal when I do a manual login; the configured login modules get executed, so the container is processing it.

                    • 7. Re: Manual Servlet login failure
                      pitdingo


                      > What you are doing here is not actually login to the
                      > web container you are only login to the current
                      > thread to access ejb's. If you want to login to the
                      > web container to keep between sessions you must login
                      > via the servlet j_security_check with the j_username
                      > and j_password. The following should do this from
                      > within a servlet.
                      >


                      > String path =new StringBuffer("j_security_check?j_username=").append(username).append("&j_password=").append(password).toString();
                      > getServletConfig().getServletContext().getRequestDispatcher(path).include(request, response);

                      This does not work. In fact, I read in another newsgroup that this sort of thing is not allowed.

                      • 8. Re: Manual Servlet login failure
                        mike3

                        Is there any update on this? It seems completely ridiculous that you can't log in the principal from the web server and have the same login context propagated to the EJB layer (without using the j_username stuff).

                        I too have exactly the same scenario as described here now. In a ServletFilter I log in fine through a LoginContext, but request.getRemoteUser() still always returns null. (Using JBoss 2.4.4/Catalina 4.0)

                        Any update Scott / Luke? How can I make this work?

                        -mike