Problems to keep login data
ltcmelo Aug 20, 2004 12:34 AM
Hi,
I've got a really big problem that I must figure a way out of.
I've got my application protected with JAAS, so users cannot access any pages or servlets without a login. There's only one servlet (which is not secure) that is the one that actually logs the user in.
Here's the code of my login servlet.
    //...
    String j_username = (String)request.getParameter("j_username");
    String x = (String)request.getParameter("j_password");
    if (x != null){
        j_password = x.toCharArray();
        handler = new UsernamePasswordHandler(j_username, j_password);
    }
    LoginContext lc = null;
    try {
        lc = new LoginContext("example2", handler);
        lc.login();
        //this part doesn't matter very much
        Subject subject = lc.getSubject();
        Set principals = subject.getPrincipals();
        Principal user = new SimplePrincipal(j_username);
        principals.add(user);
    } catch (LoginException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
        throw new Exception();
    }
    // redirect to other page...
The above code runs perfectly! It logs the user in correctly and then I'm forwarded to some other page.
But when I get to this other page, everything is gone!!! I'm not logged in anymore. If I try to access another page in my application, I'm redirected to the login.jsp page again!!!
I heard that this is because of the multi-threaded nature of servlets, but
how can I work around this??? How can I make this maintain my login through the rest of my session???
Here's a piece of login-config.xml
    <application-policy name = "client-login">
        <authentication>
            <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
            </login-module>
        </authentication>
    </application-policy>
    <application-policy name="example2">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>-->
                <module-option name="dsJndiName">java:/DefaultDS</module-option>
                <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
                <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
            </login-module>
        </authentication>
    </application-policy>