[jboss-dev-forums] [JBoss AS 7 Development] - JBoss Jaas Jersey Rest Authentication and forwarding

[Coen Damen]

Coen Damen [https://community.jboss.org/people/coenos] created the document:

"JBoss Jaas Jersey Rest Authentication and forwarding"

To view the document, visit: https://community.jboss.org/docs/DOC-48570

--------------------------------------------------------------
Hi,

I have the following Rest service which bypasses the form login and instead authenticates via the Rest service. This is working fine EXCEPT......I need to call the rest URL twice before I am forwarded to the home.xhtml page. The first time I get the login screen.

Now, what I don't understand (and can't get to work) is that I am presented with the login screen ALTHOUGH there is a session AND the JAAS login worked already during the first call. Why does the Server not recognize there is already an authenticated session in the browser.

How can this be fixed ? Or is there another mechanism I need to implement ? Maybe I am missing some fundamental understanding here ?

@GET
    @Path("login/{username}/{password}")
    public void login(@PathParam(value = "username") String username,
            @PathParam(value = "password") String password,
            @Context HttpServletRequest request,
            @Context HttpServletResponse response) throws NamingException,
            ServletException {

        try {
            request.login(username, password);
        } catch (ServletException e) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        // all is well
        String passwordhash = Util.createPasswordHash("MD5",
                Util.BASE64_ENCODING, null, null, password);

        userService = (UserService) new InitialContext()
                .lookup("java:global/vrs-web/UserService");

        User user = userService.getUserByUsernameAndPassword(username,
                passwordhash);

        if (user == null) {
            throw new WebApplicationException(Response.Status.BAD_REQUEST);
        }

        try {
            URI uri = new URI("../user/home.xhtml");

            // Response.

            // return Response.temporaryRedirect(uri).build();
        } catch (URISyntaxException e) {
            // TODO Auto-generated catch block
            throw new WebApplicationException(Response.Status.NOT_ACCEPTABLE);
        }

        String baseUrl = getBaseUrl(request);

        try {
            response.sendRedirect(baseUrl + "/user/home.xhtml");

        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

    }


I tried both Response.temporaryRedirect and the response.sendRedirect. Both have the same effect.

Do I need to implement a filter or something?

Thanks for your help!
Coenos
--------------------------------------------------------------

Comment by going to Community
[https://community.jboss.org/docs/DOC-48570]

Create a new document in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20130410/09673cf0/attachment.html