19 Replies. Latest reply on Jun 1, 2006 12:40 PM by anil.saldhana
      • 15. Re: Am I missing a trick?
        pander

        Yeeeeeeeeeeeeeehaaaaaa!!!!

        j2ee_junkie, I've fixed it !!

        Firstly, the log4j problem is now resolved... I had a log4j.jar in my lib directory under WEB-INF which was causing loads of errors in JBOSS startup. With that taken out the TRACE seems to work properly now.

        Last night when I got home I tried to add the FormAuthValve and just got the same old "null", "null" when attempting to access the username and password values. I added the FormAuthValve in the following manner:

        <Context cookies="true" crossContext="true">
        <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
        includePassword="true" />
        <Valve className="org.jboss.web.tomcat.security.FormAuthValve"
        includePassword="true" />
        </Context>


        As you can see, I added it via my context.xml and in addition to the already present ExtendedFormAuthenticator. THIS is the problem. I don't know if this is a bug or just something that you are not supposed to do but when you use both the ExtendedFormAuthenticator and the FormAuthValve together in context.xml they don't work. As soon as I took out the definition for the ExtendedFormAuthenticator the whole thing works beautifully!!!

        If you are not supposed to use the Valves together/at the same time then I think some kind of error should be generated during startup?

        j2ee_junkie and anil, thank you very much for all your help.

        j2ee_junkie, I would still be interested to find out the more complicated way of getting at this information as you suggested...I'm eager to learn! Do you have an example you could send me or post?

        Cheers.
        Paul.


        • 16. Re: Am I missing a trick?
          pander

          Don't know why my quote above didn't come out... it's blank !!

          Try again...

          <Context cookies="true" crossContext="true">
          <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
          includePassword="true" />
          <Valve className="org.jboss.web.tomcat.security.FormAuthValve"
          includePassword="true" />
          </Context>


          Paul.

          • 17. Re: Am I missing a trick?
            pander

            3rd time lucky !!

            <Context cookies="true" crossContext="true">
             <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
             includePassword="true" />
             <Valve className="org.jboss.web.tomcat.security.FormAuthValve"
             includePassword="true" />
            </Context>


            • 18. Re: Am I missing a trick?
              j2ee_junkie

              Paul,

              That is great news. However, your discovery does not exactly make sense to me. There is no restriction on the number of valves used. I would imagine there would be a problem if you listed more than one Authenticator (a Tomcat interface) valve, but this was not your case. I personally believe that having both valves configured was not your problem.

              O.K. now on to another way to do what you want. As a side note, using a valve to get these values works, but I think it is not very portable since valves are Tomcat specific. If I needed this requirement (which I am not sure why your application needs the password anyway), I would implement a LoginModule that stores the password in the authenticated Subject per JAAS spec. Then use the PolicyContext to get the authenticated Subject (as you did before.) And finally get username and password from Subject.

              If you need more detail let me know. Otherwise, have fun, cgriffith
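
The LoginModule route described in the post above, as an added example (not code from this thread or from JBoss). The class name, the `PasswordCredential` type and the `validate()` hook are hypothetical; it assumes the container exposes the JACC `PolicyContext` with the standard `javax.security.auth.Subject.container` key.

```java
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
import javax.security.jacc.PolicyContext;
// Added example: class, credential type and validate() hook are hypothetical names.
public abstract class PasswordKeepingLoginModule implements LoginModule {
    public static final class PasswordCredential {
        public final String user; public final char[] password;
        PasswordCredential(String u, char[] p) { user = u; password = p; }
    }
    private Subject subject; private CallbackHandler handler; private PasswordCredential cred;
    // Assumed hook: check the pair against the real user store.
    protected abstract boolean validate(String user, char[] password) throws LoginException;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }

    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        char[] pw = pc.getPassword();           // getPassword() returns a copy
        pc.clearPassword();                     // wipe the callback's own copy
        if (nc.getName() == null || pw == null || !validate(nc.getName(), pw)) {
            if (pw != null) Arrays.fill(pw, '\0');
            throw new FailedLoginException("bad credentials");
        }
        cred = new PasswordCredential(nc.getName(), pw); // held until commit()
        return true;
    }
    public boolean commit() {                   // only a validated login reaches the Subject
        if (cred == null) return false;
        subject.getPrivateCredentials().add(cred); // private set, not the public one
        return true;
    }
    public boolean abort() { return logout(); }
    public boolean logout() {                   // remove and zero the stored password
        if (cred != null) { subject.getPrivateCredentials().remove(cred); Arrays.fill(cred.password, '\0'); }
        cred = null;
        return true;
    }
    // Application side: fetch the authenticated Subject through JACC, then the credential.
    public static PasswordCredential current() throws Exception {
        Subject s = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
        if (s != null) for (PasswordCredential c : s.getPrivateCredentials(PasswordCredential.class)) return c;
        return null;
    }
}
```

Keeping the password in the private credential set means that, with a security manager enabled, reading it requires a `PrivateCredentialPermission`.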

              • 19. Re: Am I missing a trick?
                anil.saldhana

                Ok, pander. Now I guess you can go and enjoy your weekend.

                Regarding your complaint of lack of documentation on capturing the userid/password in form authentication, I disagree because all our other users/customers who have asked similar questions had no complaints, after being provided the same wikis.

                Plus this is non-standard behavior wherein you try to add hooks to the container authentication process to capture the userid/password to be made available in the session. Thank Tomcat Valves for that because they allow you to hook in, before the container has done all security decisions. Servlet Filters will not do the trick. Hence this is a "non-standard" use case which means there is no need to document or preach.

                Enjoy your weekend.
