[jboss-user] [Security & JAAS/JBoss] - Re: Adding data to session after login
warrenc6
do-not-reply at jboss.com
Wed Jul 12 20:31:40 EDT 2006
The flaw is that loginmodule and request sessions are not interoperable
I propose a solution thus,
after requesting j_login_config and performing a successful login automaticall redirected to the protected resource. Perhaps you need to use a FilterChain mapping on * and call getUserPrinciapl then cast the ServletRequest to HttpServletRequest and get the session. Check the session for the principal is null or equality. If it is null or not not equal, then the user has logged in or relogged in.
Hope this help/works
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3957587#3957587
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3957587
More information about the jboss-user
mailing list