[jboss-dev-forums] [JBoss Web Development] - Authenticate credentials with LDAP for specific requests (after logging in)

[John G]

John G [https://community.jboss.org/people/kvcxn] created the discussion

"Authenticate credentials with LDAP for specific requests (after logging in)"

To view the discussion, visit: https://community.jboss.org/message/779429#779429

--------------------------------------------------------------
I have a web application that I deploy using JBoss 5.2. In order for a user to use the application, he/she must authenticate with an LDAP server (using simple authentication) with a username and password. This is all done through setting up the login-config.xml for JBoss and providing a <login-module> with our implementation.

The problem comes in here: After having logged in, I have a scenario that requires the user to provide a username & password when a particular action is performed (which I will also authenticate with the LDAP server). I want to be able to reuse the same mechanism that I use for authenticating the user into the web application.

My form to log in to the application posts to j_security_check so in accordance with this, I was trying to send a request to j_security_check but JBOSS returns a 404. From reading around a bit, I've gathered j_security_check cannot be accessed by any arbitrary request and must be in response to a challenged request to a secured resource.

So then, how can I authenticate the second set of credentials the user has provided with the same LDAP server?
--------------------------------------------------------------

Reply to this message by going to Community
[https://community.jboss.org/message/779429#779429]

Start a new discussion in JBoss Web Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2112]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20121130/a480ba7f/attachment.html