2 Replies Latest reply on Apr 16, 2008 9:43 AM by Christian Longberg

    Calling LoginContext.login  successful but SSO cookie not se

    Brian McGovern Newbie

      Ive gotten SSO to work for jboss portal and a supporting webapp on the same virtual host. But my login routine not only needs to authenticate the user against jboss portals user database, but also pull some information from a supporting database and work with it.

      My problem is that I created a login method in my business layer that executes the following code and succesfully returns true of false for my login credentials. It however does not set the SSO cookie and I cannot figure out why not.

      Incidently I tested the security constraint and login-config with both BASIC and FORM authentication and it works like a charm. Without changing anything but the login forms action from j_security_check to a MyController, which calls the method below -- it was working fine.

      Any help ? Anyone.. Bueller?

      Heres the code:
      My Authentication Class

      public class SSOLogin {
       protected static final Log log = LogFactory.getLog(SSOLogin.class);
      
      
      
       public boolean authenticate(String userid, String password) throws LoginException {
       log.info("SSOLogin.authenticate(String, String) was called.");
       boolean result = false;
       try {
       log.info("SSOLogin.authenticate(String, String) creating LoginContext.");
       LoginContext loginContext = new LoginContext("myauth", new SSOCallbackHandler(userid, password));
       log.info("SSOLogin.authenticate(String, String) executing login.");
       loginContext.login();
       result = true;
       } catch (LoginException e) {
       // A production quality implementation would log this message
       log.info("Exception:: " + e.getMessage());
       result = false;
       throw e;
       }
       log.info("SSOLogin.authenticate(String, String) exiting method - Login was " + result);
       return result;
       }
      }
      


      Which depends on a custom callback handler:

      public class SSOCallbackHandler implements CallbackHandler {
       protected static final Log log = LogFactory.getLog(SSOCallbackHandler.class);
      
       private String username;
       private char[] credentials;
      
       public SSOCallbackHandler(String username, String credentials) {
       super();
      
       this.username = username;
       this.credentials = credentials.toCharArray();
       }
      
       public void handle(Callback callbacks[])throws IOException, UnsupportedCallbackException {
      
       for (int i = 0; i < callbacks.length; i++) {
       if (callbacks instanceof NameCallback) {
       ((NameCallback) callbacks).setName(username);
       }
       else if (callbacks instanceof PasswordCallback) {
       ((PasswordCallback) callbacks).setPassword(credentials);
       } else {
       throw new UnsupportedCallbackException(callbacks);
       }
       }
       }
       }