1 Reply Latest reply on Jan 26, 2007 12:32 AM by Erica Kane

    Calling LoginModule in JBoss

    Maciek Starzyk Newbie

      Hi,

      I need some help in running authentication in JBoss.
      I have a custom JAAS login module that handles SAML SSO
      authentication.
      A servlet calls the LoginModule upon receiving a SAML response
      After calling LoginContext.login() I have a successfully authenticated
      Subject.
      Then I need to assign this Subject to session.

      In WebLogic I can do:

      // weblogic.servlet.security.ServletAuthentication
      ServletAuthentication.runAs(subject, request);
      


      How can it be done in JBoss ?
      Here is a code snippet:

      if (/* request has cert */) {
       cert = request.getAttribute("cert");
       CallbackHandler handler = new CertCallbackHandler(cert);
       LoginContext lc = new LoginContext("composer-saml-cert", handler);
       try {
       lc.login();
       Subject subject = lc.getSubject();
      
      // **** << assign subject to request >> **** !!!!!!!!!!!!!!!!!!
      
       } catch(LoginException e) {
       // XXXX
       }
      }
      

      Thanks for any pointers,
      Maciek