[jboss-user] [Security & JAAS/JBoss] - Autologin with JAAS

bjornn do-not-reply at jboss.com
Wed Nov 1 07:08:08 EST 2006


I'm using JAAS with basic autentication and database login module in my web app and everything works fine.

But I think that I will have problem at one point:

In my web app, when the user create your account, he is automatically logged in when he inputs the name, choosen login, valid email and password.

I do not force the user to type you login(newly created) and password. If he is creating an account, he is logged in with the login and password chosen. How to do this with JAAS?

I think that I'll need to "fool" the JAAS and put something in request/session or whenever to "say": "hey JAAS, this guy is already logged in. Don't disturb him to ask for login/password". How can I do this?

For newly created users, there will be just one role named "regular user"
automatically assigned at account creation time. There is some class that I can instanciate to represent the user, another to represent the role and assign the role with the user? E.g:

  | Principal p = new Principal();
  | p.setName(USER_LOGIN)
  | Role r = new Role("regular user");
  | p.setRole(role);
  | session.put(p);

And after this, the JAAS could understand that the user is authenticated.

I hope I have myself clear.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982345#3982345

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982345

More information about the jboss-user mailing list