3 Replies Latest reply on Feb 18, 2004 8:25 AM by Scott Stark

    login jboss using jaas

    qjx1208 Newbie

      how I use my servlet loginContext.login container
      not use HTTP Basic Authentication
      Thanks

        • 1. Re: login jboss using jaas
          Scott Stark Master

          Using something like this:

          import org.jboss.security.auth.callback.UsernamePasswordHandler;
          ...
          
           protected void processRequest(HttpServletRequest request, HttpServletResponse response)
           throws ServletException, IOException
           {
           LoginContext lc = null;
           String echoMsg = null;
           try
           {
           lc = doLogin("jduke", "theduke");
          ...
           }
           catch(LoginException e)
           {
           throw new ServletException("Failed to login to client-login domain as jduke", e);
           }
           catch(Exception e)
           {
           throw new ServletException("Failed to access SecuredEJB", e);
           }
           finally
           {
           if( lc != null )
           {
           try
           {
           lc.logout();
           }
           catch(LoginException e)
           {
           }
           }
           }
          
           response.setContentType("text/html");
           PrintWriter out = response.getWriter();
           out.println("<html>");
           out.println("<head><title>ClientLoginServlet</title></head>");
           out.println("<h1>ClientLoginServlet Accessed</h1>");
           out.println("<body>Login as user=jduke succeeded.<br>SecuredEJB.echo returned:"+echoMsg+"</body>");
           out.println("</html>");
           out.close();
           }
          
           private LoginContext doLogin(String username, String password) throws LoginException
           {
           UsernamePasswordHandler handler = new UsernamePasswordHandler(username, password.toCharArray());
           LoginContext lc = new LoginContext("client-login", handler);
           lc.login();
           return lc;
           }
          
          



          • 2. Re: login jboss using jaas
            qjx1208 Newbie

            Thank you very much, but the code doesn't work correctly.

            I can pass the authentication, but when I reach the second servlet to fetch the user principal: request.getUserPrincipal(), the return value is null. I wonder why this happens.

            servlet1:
             try {
             UsernamePasswordHandler handler = new UsernamePasswordHandler(username, password.toCharArray());
             lctx = new LoginContext("danetworkflow", handler);
             lctx.login();
             response.sendRedirect("servlet2");
             }
             catch (LoginException exc) {
             out.println("Login failed: " + exc);
             return;
             }
            
            servlet2:
             request.getUserPrincipal()==null
            
            


            • 3. Re: login jboss using jaas
              Scott Stark Master

              The login module for the danetworkflow configuration must include the org.jboss.security.ClientLoginModule for this to work.