[jboss-user] [Security & JAAS/JBoss] - Programmatic Login Advice

pander do-not-reply at jboss.com
Fri Dec 1 08:34:36 EST 2006


Hi,

I am running JBoss 4.05GA and using FORM-based authentication. Everything in my webapp, including the security/authentication, is working fine; however, a new requirement has emerged which means that a Windows application which opens up a browser and requests a page within my webapp must be able to log in. I have set up a JSP for testing (not a protected resource) that accepts a username and password, attempts a programmatic login and then redirects to the user's homepage within the webapp.

Here is how I have been trying to get this to work.


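    <%-- Directives added so the fragment compiles; "log" is assumed to be a logger declared elsewhere --%>
    <%@ page import="javax.security.auth.login.LoginContext" %>
    <%@ page import="org.jboss.security.auth.callback.UsernamePasswordHandler" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%
        // Callback handler that supplies the fixed test credentials to the login module
        UsernamePasswordHandler handler = new UsernamePasswordHandler("userxxx", "passwordxxx");
        LoginContext lc = null;

        try
        {
            // Run the JAAS login against the realm defined in login-config.xml
            lc = new LoginContext("MySecurityRealm", handler);
            lc.login();
            log.info("We're cookin on gas!");

            // Everything from here on should automatically be associated with
            // the Subject authenticated by the login

        } catch (Exception e) {
            // handle exception
            log.error(e.getMessage());
        }

    %>
    <c:redirect url="/homePage.do"/>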

I have a custom-written login module within "MySecurityRealm" which inherits from DatabaseServerLoginModule and performs my webapp logins. I included debug inside the class to see what was happening, and the call by lc.login() in the code above correctly calls and executes a user login within my realm (defined in my login-config.xml) and returns without error. I can see in the server logs the database queries to authenticate the user and get their roles etc., and these all seem fine. However, I think I must be missing some code, as I'm guessing that perhaps the login credentials are not being populated somewhere where they are required: the redirect to homePage.do simply sends me straight back to the normal "FORM based" login of my webapp.

Can anyone help me out or point me in the direction of what is missing, or perhaps suggest an alternative? I've heard that the Jakarta Commons HttpClient API provides methods for performing a programmatic login... Should I be using this instead?

Any help is greatly appreciated.
Kind Regards,
Paul.






View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3990437#3990437

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3990437


