2 Replies Latest reply on Mar 23, 2006 5:30 PM by Michael Lorenz

    FormAuthenticator with User Output

    Michael Lorenz Newbie

      Hello,

      I am new to Jboss and using EJBs+Servlets with XML output together with RIA Frontend on the Client side.

      I want to make a secure application by using FormAuthentication.
      The j_security_check, after sucessfull check, makes a "REDICRECT" to the original requested Page e.g. "MyApp.xyz". My RIA Forntend is not accepting such REDIRECTs. Better i want to get back some XML Output in a HTTP-Response e.g. "originalRequestedPage.xyz" (Like output of normal Servlet)

      I watched a bit in the JBOSS-AS Source and found the file:

      org.jboss.web.tomcat.security.FormAuthenticator
      In the method

      public boolean authenticate(Request request,Response response, LoginConfig config);

      I was changing the Line

      response.sendRedirect(response.encodeRedirectURL(requestURI));

      to

      response.getResponse().getWriter().println("<Answer>" + requestURI + "</Answer>");


      but the behaivior of j_security_check is not what I want: After sucessfull check NOTHING IS GOING ON! No Redirect (good!) and no output :(

      May I not understood the sourcecode!? May the FormAuthenticator does not send the HTTP-Response?
      I badly need this feature - how can I implement it?

      Thx, Michael


      PS. I havent found somewhere in the JBOSS-AS Source Code which calls the FormAuthenticator or ExtendedFormAuthenticator ?? How it is used?

        • 1. Re: FormAuthenticator with User Output
          chris griffith Expert

          Micheal,

          If you want to use the org.jboss.web.tomcat.security.FormAuthenticator (or your modified version) you need make sure Tomcat knows to use this authenticator when asked to do FORM authentication. Tomcat has a mapping of authentication type (i.e. BASIC, DIGEST, FORM, etc.) to authenticator (i.e. BasicAuthenticator, DigestAuthenticator, FormAuthenticator, etc.) in a file org/apache/catalina/startup/Authenticators.properties. When Tomcat is started, this property file is loaded. When your application specifies an authentication type via the auth-method element, the matching authenticator is loaded for your app's context. By default, Tomcat uses org.apache.catalina.authenticators.FormAuthenticator when FORM auth-method is specified. To specify a different authenticator there are three things you can do.


          1: unpack $YOUR_SERVER/deploy/jbossweb-tomcatXX.sar/catalina.jar. Modify Authenticators.properties file. Repack catalina.jar. Restart server.

          2: Same as 1, only leave catalina.jar unpacked.

          3: Use JBoss > 4.0.2. Now there is a way to specify authenticators in Tomcat's service descriptor file.


          Hope this helps, cgriffith


          • 2. Re: FormAuthenticator with User Output
            Michael Lorenz Newbie

            Hi cgriffith,

            thank you very much! After i copied my "self made Authenticator CLASS" to the catalina JAR and made the reference in the properties File: It is working :))

            Thx and greetings,
            Michael