6 Replies Latest reply on Dec 5, 2002 2:18 PM by Donald

    Logging into JAAS from within a servlet

    Greg Woodward Newbie

      Hi:

We have form-based authentication working with JAAS with the database login module (JBoss 3.0.3 with Tomcat 4.1.12; JDK 1.4.1 on Linux; PostgreSQL for the database). I also have a stand-alone external EJB client which can successfully log into the security realm and invoke methods on our EJBs.

      However, I currently need to explicitly log into the system from within a GenericServlet (not HttpServlet). I am attempting to log in exactly like I do from within the stand-alone client application, and it seems to log in fine (I can step through the JBoss code in the debugger and see that the password is being compared successfully against the one stored in the database). However, when I go to invoke my first EJB methods, I get a security exception and it says my principal is null.

      How does one explicitly log into the system from within a servlet? It seems that the fact that we've successfully logged into the system needs to be "stashed" somewhere prior to obtaining the EJB home interfaces. Thanks.

      -- Greg

        • 1. Re: Logging into JAAS from within a servlet
          kees moes Newbie

I am running 3.04 & 4.1.12 and am wondering...

          Did you eventually solve this problem because I am suffering here...

I think it has something to do with auth.conf.
However, I don't know if I have to add auth.conf to Catalina explicitly!
I know how to do it from a client program by adding auth.conf as a -d argument, but I cannot find any documentation to help me further along.

          • 2. Re: Logging into JAAS from within a servlet
            J. Wolfgang Kaltz Novice

            In JBoss 2.4.X you need to run the JAAS module org.jboss.security.ClientLoginModule in order to bind the username & password to the JBoss invocation layer. Otherwise the server won't know who is calling it. So yes you would need the auth.conf (or equivalent) in your servlet container's path.

Not sure what the deal in 3.0 is, but probably similar?

            • 3. Re: Logging into JAAS from within a servlet
              kees moes Newbie

I thought I should show how Catalina's startup changed between JBoss 2.X and 3. In 2.x, Catalina is started from its startup script. This has changed in 3, which allows Catalina to be configured in tomcat41-service.xml.

How to place auth.conf there...??? No idea... yet.

              • 4. Re: Logging into JAAS from within a servlet
                James Moring Newbie

                There is a shortcut to this process. It is JBoss specific and potentially version specific. You can do what the client login module does without the overhead of the JAAS configuration. Look at the source for the ClientLoginModule. I use this approach on the client-side of EJB calls without any problems. I only set the principal and the credentials and not the subject.

                Use at your own risk!!!!

                HTH

                • 5. Re: Logging into JAAS from within a servlet
                  kees moes Newbie

                  I am going to check the source out to see what is going on there, but I will keep looking for the legal way to make auth.conf known to catalina webapps.

BTW, shouldn't there be a DTD with tomcat41-server.xml??
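As an added example (not code from any poster in this thread or from JBoss itself), the standard JAAS way to get the effect replies 1 through 5 are after without handing Catalina an auth.conf file: install a programmatic javax.security.auth.login.Configuration that names org.jboss.security.ClientLoginModule (the module reply 2 mentions), then run a LoginContext from the servlet. The entry name "servlet-client", the class name ServletClientLogin and the assumption that the module asks for its username and password through the standard NameCallback/PasswordCallback are mine, not the page's.

```java
import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

// Programmatic stand-in for an auth.conf entry such as
//   servlet-client { org.jboss.security.ClientLoginModule required; };
// so the container needs no -Djava.security.auth.login.config flag. JDK 1.4 API, no generics.
public final class ServletClientLogin {
    private static final String APP_NAME = "servlet-client"; // assumed entry name

    private static final Configuration CLIENT_CONFIG = new Configuration() {
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!APP_NAME.equals(name)) return null; // unknown entry: login() fails cleanly
            return new AppConfigurationEntry[] {
                new AppConfigurationEntry("org.jboss.security.ClientLoginModule",
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap()) // no module options
            };
        }
        public void refresh() { }
    };

    // Installs the configuration (process-wide, replacing any file-based one)
    // and runs the JAAS login. The servlet looks up its EJB homes after this
    // returns and must call logout() on the context when the request ends,
    // so the binding does not leak to the next request served by the same thread.
    public static LoginContext login(final String user, final char[] password)
            throws LoginException {
        Configuration.setConfiguration(CLIENT_CONFIG);
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks)
                    throws IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        ((NameCallback) callbacks[i]).setName(user);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbacks[i]).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i]);
                    }
                }
            }
        };
        LoginContext lc = new LoginContext(APP_NAME, handler);
        lc.login();
        return lc;
    }
}
```

Calling Configuration.getConfiguration() first to check for an existing file-based setup is not safe on JDK 1.4, since it throws a SecurityException when no login configuration has been located, so the code sets the configuration unconditionally.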

                  • 6. Re: Logging into JAAS from within a servlet
                    Donald Newbie

Now, I was working on an iPlanet application where, on registering at the site, we would add the user and role to LDAP. After that we would get a handle into iPlanet's application and force what the form-based auth does on a login. This way the user would not be prompted for the id/pass after they register.

There should be a way into JBoss, either directly or through JAAS, to pass the registration information (id/pass) for a later callback when the system needs the information.

Has anyone done this? Do you understand my question on forcing the login through code?