Can't get SecurityAssociation.setServer() to work
pitdingo Oct 16, 2001 9:10 AM
I was under the assumption that a call to SecurityAssociation.setServer() binds the local thread's authentication information to the container. Is this assumption incorrect?
I tried the following code and my LoginModule says I am authenticated, but if I try to access another page once this servlet returns, I am forced to log in again.
If I submit to j_security_check from the HTML form, my LoginModules work, so I know there is no problem there. Or wait, should the SecurityAssociation.setServer() call be in the commit() method of the LoginModule?
package com.test.prototype.servlets;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.*;
import com.test.prototype.authentication.AppCallbackHandler;
import org.jboss.security.*;
public class LoginServlet extends HttpServlet
{
// Gate read and cleared by service(): the JAAS login branch runs only while this is true.
// NOTE(review): this is an instance field on a servlet, so it is presumably shared by every
// request and thread that reaches this instance; it is neither per-user nor synchronized.
// Acceptable for the "testing purposes" stated in service(), not for real login state.
private boolean firstTime= true;
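/**
 * Test entry point: on the first request handled by this servlet instance, performs a
 * programmatic JAAS login with the posted credentials, then prints what the web
 * container reports about the caller.
 *
 * <p>NOTE(review): nothing in this method hands the authenticated Subject to the web
 * container. {@code request.getUserPrincipal()} is presumably populated only by the
 * container's own authenticator (for example the form login through j_security_check),
 * which would explain why the next page still demands a login. Confirm against the
 * documentation of the JBoss version in use.
 *
 * @param request  the incoming request; reads the parameters alias2, username2 and password2
 * @param response the response; receives either a redirect to LoginForm.html or a small HTML report
 * @throws ServletException declared by the servlet contract; not thrown directly here
 * @throws IOException      if redirecting or writing the response fails
 */
public void service( HttpServletRequest request, HttpServletResponse response ) throws ServletException, IOException
{
    //---call this servlet two times just for testing purposes
    if( firstTime )
    {
        String alias= request.getParameter( "alias2" );
        String username= request.getParameter( "username2" );
        String password= request.getParameter( "password2" );

        if( username == null || password == null )
        {
            // A missing parameter would otherwise be concatenated into the credential
            // as the literal text "null"; send the caller back to the form instead.
            response.sendRedirect( "LoginForm.html" );
            return;
        }

        // Earlier attempt, kept for reference. It placed the password in a query string,
        // where it can end up in access logs and dispatcher traces.
        /*
        System.out.println( "trying to forward to 'j_security_check'...." );
        String path =new StringBuffer("j_security_check?j_username=").append(username).append("&j_password=").append(password).toString();
        request.getRequestDispatcher(path).include(request, response);
        */

        System.out.println( "...alias= " + alias );
        System.out.println( "...userName= " + username );
        // The password itself is never written to the log; stdout is usually captured to a file.
        System.out.println( "...password supplied= " + ( password.length() > 0 ) );

        try
        {
            AppCallbackHandler handler= new AppCallbackHandler( username, ( alias + "##" + password ).toCharArray() );
            LoginContext lc = new LoginContext( "test", handler );
            System.out.println("....Created LoginContext");
            lc.login();

            // NOTE(review): setServer() presumably only switches SecurityAssociation to
            // per-thread storage of the principal and credential; it is not shown to create
            // a web-tier login that survives this request. Verify in the JBoss sources.
            SecurityAssociation.setServer();
            System.out.println( "....SecurityAssociation.setServer() called." );
            //this.callEcho( request, response );

            Subject subject = lc.getSubject();
            System.out.println( "....subject= " + subject );
            //response.sendRedirect( "index.html" );
        }
        catch (LoginException le)
        {
            System.out.println("....Login failed");
            le.printStackTrace();
            firstTime= false;
            response.sendRedirect( "LoginForm.html" );
            // The redirect commits the response; writing the report below would be
            // discarded or fail, so stop here.
            return;
        }

        firstTime= false;
    }

    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    out.println("");
    out.println("Just logged in....");
    out.println("<h1>LoginServlet</h1>");
    out.println( "" );

    Principal principal= request.getUserPrincipal();
    if( principal != null )
    {
        // NOTE(review): the principal name is written into HTML unescaped; if it can carry
        // user-chosen characters it should be HTML-escaped before output.
        out.println( "request.getUserPrincipal().getName()= " + principal.getName() );
        out.println( "request.isUserInRole( 'echo' )= " + request.isUserInRole( "echo" ) );
        out.println( "request.isUserInRole( 'Echo' )= " + request.isUserInRole( "Echo" ) );
    }
    else
    {
        out.println( "-----> request.getUserPrincipal() was NULL!!!" );
    }

    out.println("");
    out.close();
}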