0 Replies Latest reply on Nov 22, 2003 7:51 AM by sys user

    Web login using jaas with getUserPrincipal null

    sys user Master

      Hi,

      I'm trying to use jaas for the authentication and even it works when I use request.getUserPrincipal the return value is null.

      My configuration is particular and I don't know if It's correct because I've an Authentication filter working like login's controler and a LoginServlet who do the loginContext.login() using a custom Rdbms login modules.

      The authentication is ok because the loginContext.getSubject() return the correct user with the corrects roles but when I try request.getUserPrincipal() the authenticated user doesn't exist, even if I did request.setAttribute('j_subject', loginContext.getSubject()) or request.getSession().setAttribute('j_subject', loginContext.getSubject()) after the loginContext.login() in my LoginServlet.

      On the other hand if I use the form login in the web.xml insteadof my LoginServlet all it's ok.

      So, after this long history I'd like to know how I bind my subject or what I've to do to reach my login's subject from the web components.

      There's some specific class where I've to bind my subject so the request.getUserPrincipal() works?.

      <web-app>

      <filter-name>AuthenticationFilter</filter-name>
      <display-name>AuthenticationFilter</display-name>
      <filter-class>filter.AuthenticationFilter</filter-class>
      <init-param>
      <param-name>httpScheme</param-name>
      <param-value>https</param-value>
      </init-param>
      <init-param>
      <param-name>httpPort</param-name>
      <param-value>443</param-value>
      </init-param>

      <!-- Filters mappings -->
      <filter-mapping>
      <filter-name>AuthenticationFilter</filter-name>
      <url-pattern>*.do</url-pattern>
      </filter-mapping>
      <!-- Servlets - Actions -->

      <servlet-name>loginServlet</servlet-name>
      <display-name>loginServlet</display-name>
      <servlet-class>login.LoginServlet</servlet-class>
      <init-param>
      <param-name>httpScheme</param-name>
      <param-value>http</param-value>
      <init-param>
      <param-name>httpPort</param-name>
      <param-value>80</param-value>


      <servlet-name>homeJsp</servlet-name>
      <display-name>homeJsp</display-name>
      <jsp-file>/home.jsp</jsp-file>


      <servlet-name>loginJsp</servlet-name>
      <display-name>loginJsp</display-name>
      <jsp-file>/login.jsp</jsp-file>

      <!-- Servlets mappings -->
      <servlet-mapping>
      <servlet-name>homeJsp</servlet-name>
      <url-pattern>/home.do</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>loginJsp</servlet-name>
      <url-pattern>/login.jsp</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
      <servlet-name>loginServlet</servlet-name>
      <url-pattern>/j_security_check</url-pattern>
      </servlet-mapping>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>login</web-resource-name>
      login page
      <url-pattern>*.do</url-pattern>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>*</role-name>
      </auth-constraint>
      </security-constraint>
      </web-app>