1 Reply Latest reply on Oct 1, 2003 11:49 AM by jkuhn

    Using a filter to check login

    jkuhn

      Hi,

      Really, my question is more concerned with the javax.servlet.Filter than JAAS.
      But it's the LoginContext's thread issue that is sending me down this road,
      so I'm hoping somebody will be willing to answer my question here.

      Anyway... like many other people, when implementing the JAAS, I ran into the
      problem where new threads are being used by requests that are made after
      authentication has occurred. As such, the LoginContext is lost and I get the
      dreaded principal="null" error. So, to fix this, I'm going to put the user
      information onto the session, and then log in before every attempt to access
      secured beans.

      Based on what I've read in these forums, the slickest way to do this is to use
      a filter. So, I wrote a very simple filter, and added the following to my
      web.xml descriptors:

      <!-- JAAS -->
      <filter>
      <filter-name>logged-in-filter</filter-name>
      <filter-class>toolkit.admin.services.security.JAASFilter</filter-class>
      </filter>


      <!-- JAAS -->
      <filter-mapping>
      <filter-name>logged-in-filter</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>


      Everything compiles fine, but things go wrong on deployment:

      ERROR [URLDeploymentScanner] Failed to deploy:
      org.jboss.deployment.DeploymentException: Class org.mortbay.jetty.servlet.Holder
      can not access a memeber of a class toolkit.admin.services.security.JAASFilter
      with modifiers ""; -- nested throwable: java.lang.IllegalAccessException: ...
      ...
      ...


      Am I missing something here? From what I'm reading, all that I should need is
      the added descriptors, and then the filter itself.
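
A sketch of the per-request re-login filter described in the post, added here as an example and not the poster's own code. The container instantiates the filter reflectively, so the class and its no-argument constructor must be public (an IllegalAccessException "with modifiers """ is what reflection reports for a package-private member); the session attribute names and the "client-login" JAAS configuration entry are assumptions.

```java
package toolkit.admin.services.security;

import java.io.IOException;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Must be public with a public no-arg constructor: the container creates it by reflection.
public class JAASFilter implements Filter {
    public JAASFilter() {}
    public void init(FilterConfig config) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        // Assumed attribute names, set by the application's own login page.
        final String user = session == null ? null : (String) session.getAttribute("jaas.user");
        final char[] pass = session == null ? null : (char[]) session.getAttribute("jaas.pass");
        if (user == null || pass == null) {   // no stored identity: nothing to re-bind
            chain.doFilter(req, res);
            return;
        }
        LoginContext lc = null;
        try {
            // "client-login" is an assumed JAAS configuration entry name.
            lc = new LoginContext("client-login", new CallbackHandler() {
                public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                    for (int i = 0; i < cbs.length; i++) {
                        if (cbs[i] instanceof NameCallback) ((NameCallback) cbs[i]).setName(user);
                        else if (cbs[i] instanceof PasswordCallback) ((PasswordCallback) cbs[i]).setPassword(pass);
                        else throw new UnsupportedCallbackException(cbs[i]);
                    }
                }
            });
            lc.login();                        // bind the identity to this request thread
            chain.doFilter(req, res);
        } catch (LoginException e) {
            throw new ServletException("JAAS login failed", e);
        } finally {
            // Request threads are pooled: always log out so the identity does not
            // carry over to the next request served by this thread.
            if (lc != null) try { lc.logout(); } catch (LoginException ignored) {}
        }
    }
}
```

The logout in `finally` is the part that matters on a pooled-thread container, since a thread that keeps its login would serve the next request under the previous user's principal. Keeping a password in the session also means it is written out wherever sessions are persisted or replicated.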