3 Replies Latest reply on Nov 26, 2004 6:33 PM by Ravikiran Chittari

    JAAS Authentication with JBoss - Almost there need some help

    Ravikiran Chittari Newbie

      I am using a custom login module and am able to log in successfully through the LoginContext.login() method.

      I am using Struts and have a LoginAction class.

      Code in the login action class
      -----------------------------------

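      // Credentials posted by the login form
      String userName = argRequest.getParameter("j_username");
      String password = argRequest.getParameter("j_password");

      HttpSession session = argRequest.getSession();

      // Go back to the login form if either credential is missing
      if (userName == null || password == null)
      {
          return argMapping.getInputForward();
      }
      // "test" is the JAAS application policy name; UsernamePasswordHandler
      // (org.jboss.security.auth.callback) hands the credentials to the login module
      LoginContext lc = new LoginContext("test", new UsernamePasswordHandler(userName, password));
      try
      {
          lc.login();
      }
      catch (LoginException le)
      {
          // Authentication failed: show the login form again
          return argMapping.getInputForward();
      }

      return argMapping.findForward(Constants.SUCCESS);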
      ----------------------------------

      Login is successful and I get the valid subject back.

      My question is

      Should I store the subject in the session under a particular name, so that the JBoss app server realizes that the user has logged in and permits other requests?

      In my case, with just the above code, it does not allow further requests after this.

      Basically, I think I am missing the JAAS authentication integration point with the servlet engine. I have JAAS working, but how do I let the servlet engine know about the logged-in principal?

      Also, for logout, in order to do logincontext.logout() I need a reference to the LoginContext. What is the best practice in this case? Should I be storing the initial login context in the session so that I can call logout from that reference?

      I am hoping to receive some answers.

      Thank you very much in advance.