[jboss-user] [Security & JAAS/JBoss] - Calling LoginContext.login successful but SSO cookie not se

bmcgovern do-not-reply at jboss.com
Wed Nov 15 10:09:58 EST 2006


I've gotten SSO to work for JBoss Portal and a supporting webapp on the same virtual host. But my login routine not only needs to authenticate the user against JBoss Portal's user database, but also pull some information from a supporting database and work with it.

My problem is that I created a login method in my business layer that executes the following code and successfully returns true or false for my login credentials. It however does not set the SSO cookie and I cannot figure out why not.

Incidentally, I tested the security constraint and login-config with both BASIC and FORM authentication and it works like a charm. Without changing anything but the login form's action from j_security_check to a MyController, which calls the method below -- it was working fine.

Any help? Anyone... Bueller?

Here's the code:
My Authentication Class

  | import javax.security.auth.login.LoginContext;
  | import javax.security.auth.login.LoginException;
  | import org.apache.commons.logging.Log;
  | import org.apache.commons.logging.LogFactory;
  | 
  | public class SSOLogin {
  | 	protected static final Log log = LogFactory.getLog(SSOLogin.class);
  | 
  | 	// Runs a programmatic JAAS login against the "myauth" application policy.
  | 	public boolean authenticate(String userid, String password) throws LoginException {
  | 		log.info("SSOLogin.authenticate(String, String) was called.");
  | 		boolean result = false;
  | 		try {
  | 			log.info("SSOLogin.authenticate(String, String) creating LoginContext.");
  | 			LoginContext loginContext = new LoginContext("myauth", new SSOCallbackHandler(userid, password));
  | 			log.info("SSOLogin.authenticate(String, String) executing login.");
  | 			loginContext.login();
  | 			result = true;
  | 		} catch (LoginException e) {
  | 			// A production quality implementation would log this message
  | 			log.info("Exception:: " + e.getMessage());
  | 			result = false;
  | 			throw e;
  | 		}
  | 		log.info("SSOLogin.authenticate(String, String) exiting method - Login was " + result);
  | 		return result;
  | 	}
  | }
  | 

Which depends on a custom callback handler: 


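  | import java.io.IOException;
  | import javax.security.auth.callback.Callback;
  | import javax.security.auth.callback.CallbackHandler;
  | import javax.security.auth.callback.NameCallback;
  | import javax.security.auth.callback.PasswordCallback;
  | import javax.security.auth.callback.UnsupportedCallbackException;
  | import org.apache.commons.logging.Log;
  | import org.apache.commons.logging.LogFactory;
  | 
  | public class SSOCallbackHandler implements CallbackHandler {
  | 	protected static final Log log = LogFactory.getLog(SSOCallbackHandler.class);
  | 
  | 	private String username;
  | 	private char[] credentials;
  | 
  | 	public SSOCallbackHandler(String username, String credentials) {
  | 		super();
  | 		this.username = username;
  | 		this.credentials = credentials.toCharArray();
  | 	}
  | 
  | 	// Supplies the stored username and password to the login module's callbacks.
  | 	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
  | 		for (int i = 0; i < callbacks.length; i++) {
  | 			if (callbacks[i] instanceof NameCallback) {
  | 				((NameCallback) callbacks[i]).setName(username);
  | 			} else if (callbacks[i] instanceof PasswordCallback) {
  | 				((PasswordCallback) callbacks[i]).setPassword(credentials);
  | 			} else {
  | 				// Any other callback type is not handled here.
  | 				throw new UnsupportedCallbackException(callbacks[i]);
  | 			}
  | 		}
  | 	}
  | }
  | 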

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3986161#3986161
