[jboss-user] [Security & JAAS/JBoss] - explicit authentication via JAAS in a web app

Wednesday, 23 August 2006

1. I don't need declarative security, because our application is ajax based
2. I need JAAS, because I'd like to use it with ejb
3. The only option I see (setting aside some perverse methods including servlets,
redirects and j_security_check) is to do login stuff manually.

So, now I'm struggling to implement a method: 
void authenticateUser(HttpServletRequest, long userId, String role)
that should bind current user session to some principle with given userId and role. User
and password are already tested against DB and authorized. Now I need JAAS to know about
this.

As far as I understand, I cannot use stuff like this in a servlet

  | LoginContext lc = null;
  | lc = new LoginContext("Sample", new MyCallbackHandler());
  | lc.login();

Can some one help me?

PS there is a lot of legacy code, so I really cannot use FORM base authentication as my
primary method of authentication

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966917#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - explicit authentication via JAAS in a web app