[jboss-user] [Security & JAAS/JBoss] - explicit authentication via JAAS in a web app
atamur
do-not-reply at jboss.com
Wed Aug 23 06:11:59 EDT 2006
1. I don't need declarative security, because our application is ajax based
2. I need JAAS, because I'd like to use it with ejb
3. The only option I see (setting aside some perverse methods including servlets, redirects and j_security_check) is to do login stuff manually.
So, now I'm struggling to implement a method:
void authenticateUser(HttpServletRequest, long userId, String role)
that should bind current user session to some principle with given userId and role. User and password are already tested against DB and authorized. Now I need JAAS to know about this.
As far as I understand, I cannot use stuff like this in a servlet
| LoginContext lc = null;
| lc = new LoginContext("Sample", new MyCallbackHandler());
| lc.login();
Can some one help me?
PS there is a lot of legacy code, so I really cannot use FORM base authentication as my primary method of authentication
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966917#3966917
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3966917
More information about the jboss-user
mailing list