[jboss-user] [Security & JAAS/JBoss] - Programmatic login feature backport to JBoss 4.0.5 - help ne

Plukh do-not-reply at jboss.com
Tue Dec 18 17:48:41 EST 2007

Our company is migrating a large project from Orion to JBoss 4.0.5. This application relies on programmatic login in the Web tier. It is not practical to change that at this point, and we can't move to JBoss 4.2.x as well :-(. So I'm left with the only choice - to backport programmatic login feature from JBoss 4.2.0 to JBoss 4.0.5.

Well, it seemed simple enough - add a ThreadLocal to store active request to SecurityAssociationValve, and add WebAuthentication class to handle actual login/logout. I did this, rebuilt JBoss, changed the application - and it had even worked. Sort of.

Programmatic login works for exactly one request. When WebAuthentication.login() is called, the session becomes authenticated (all proper objects/roles are set appropriately). After the request ends, the session looses its authenticated status, and all requests after the one which did login become unauthenticated ones :-(((.

Does anyone have an idea why this could happen, and/or what to do to fix this? As a temporary solution, I've implemented a filter which just repeats the login on each request - but, of course, this is not suitable for production environment.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4114005#4114005

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4114005

More information about the jboss-user mailing list