This content has been marked as final. Show 2 replies
If I am correct you only login the current thread when using LoginContext instead of logon the HttpSession to the webcontainer. This means that not your HttpSession is logged in, so you can't use it furtheron in the session (any following requests).
I also have the same problem. I hope there is a workaround, because you cannot always use j_security_check (for instance if you want to authenticate using something else then simply username & password).
Anyone has any idea on how to use the LoginContext to logon the HttpSession at the webcontainer??
Using JBoss-2.4.4_Tomcat-4.0.1, you can do exactly this if you're willing to hack apart org.apache.catalina.authenticator.FormAuthenticator. This is the valve that handles form-based authentication. I changed mine so that there can be more callbacks than just username and password, and as many iterations of callbacks as necessary.