We've successfully set up a custom LoginModule for handling xmldsig logins (using smart card readers).
However, in case of a LoginException we'd like to propagate the Exception from the location where it is thrown (which would be in our LoginModule.login() - method) to the web user interface.
The communication way is as follows:
- The user is accessing a web page
- The user is redirected to the form-login-page of web.xml
- The FormAuthenticator.authenticate() method is invoked
- The LoginModule.login()-method is invoked
- LoginModule.login() -> throws LoginException("Sorry folk, the certificate has been revoked");
- The FormAuthenticator gets the null-value for the principal and redirects to form-error-page.
==> The LoginException never makes its way back to the Authenticator. As far as I see, the exception is somehow masked inside the JBossSecurityMgrRealm - there the principal is simply returned with a null-value, and authentication errors could be noticed in TRACE-mode.
Snippet from org.jboss.web.tomcat.tc4.authenticator.FormAuthenticator
    String username = hreq.getParameter(Constants.FORM_USERNAME);
    String password = hreq.getParameter(Constants.FORM_PASSWORD);
    if (debug >= 1)
        log("Authenticating username '" + username + "'");
    principal = realm.authenticate(username, password);
    if (principal == null) {
        if (debug >= 1)
            log("Redirect to error page '" + errorURI + "'");
        // ... redirect to the form-error-page follows
    }
Snippet from org.jboss.web.tomcat.security.JBossSecurityMgrRealm
    if (securityMgr.isValid(principal, passwordChars)) {
        log.trace("User: " + username + " is authenticated");
    } else {
        // The LoginException thrown by the LoginModule ends here: only a null principal goes back.
        principal = null;
        log.trace("User: " + username + " is NOT authenticated");
    }
Given the above way of communication, it seems quite hard to detect errors.
So far we've discussed the following options to trap the LoginException:
*) Perform a LoginModule.login() in the error-jsp page and trap the LoginException ourselves (thus the whole login procedure will be done twice in case of a login error).
*) Return a Principal with the LoginException-data stored in an Exception-property. However, this could impose a security risk as the user would be authenticated as a Principal (with no roles).
Does anyone know of more delicate options available?
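An added example (not the poster's module and not JBoss code) that reproduces the masking described above: the module throws, LoginContext propagates the LoginException, and a realm-style wrapper turns it into a null principal, while a ThreadLocal set by the module lets the reason survive the swallow without ever issuing a Principal for a failed login (the objection to option 2). The module, the in-memory Configuration and the `revoked` option are constructed stand-ins; in the redirect flow above the recorded reason would still have to be copied into the session before the error-page redirect, which is container-specific and not shown.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LoginFailureDemo {
    // Failure reason for the current thread. The realm drops the exception, but the
    // module runs on the same request thread and can leave the reason here instead.
    public static final ThreadLocal<String> FAILURE_REASON = new ThreadLocal<>();

    // Hypothetical stand-in for the xmldsig module; "revoked" replaces a real CRL/OCSP check.
    public static class RevokedCertModule implements LoginModule {
        private boolean revoked;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            revoked = Boolean.parseBoolean(String.valueOf(opts.get("revoked")));
        }
        public boolean login() throws LoginException {
            FAILURE_REASON.remove();
            if (revoked) {
                FAILURE_REASON.set("certificate has been revoked");   // recorded before the throw
                throw new LoginException("Sorry folk, the certificate has been revoked");
            }
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort()  { return true; }
        public boolean logout() { return true; }
    }

    // In-memory JAAS configuration so the demo runs without a login.config file.
    static Configuration config(final boolean revoked) {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    RevokedCertModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.singletonMap("revoked", String.valueOf(revoked))) };
            }
        };
    }

    // Mirrors JBossSecurityMgrRealm: any LoginException becomes a null principal.
    static Principal authenticateLikeRealm(final String user, boolean revoked) {
        try {
            new LoginContext("demo", new Subject(), null, config(revoked)).login();
            return new Principal() { public String getName() { return user; } };
        } catch (LoginException e) {
            return null;   // e.getMessage() is lost here; FAILURE_REASON is not
        }
    }

    public static void main(String[] args) {
        Principal p = authenticateLikeRealm("alice", true);
        System.out.println("principal=" + p + " reason=" + FAILURE_REASON.get());
    }
}
```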