[jboss-user] [Security & JAAS/JBoss] - Re: How to authenticate to the JBoss server without FORM aut
Marcos_APS
do-not-reply at jboss.com
Fri Aug 8 13:29:18 EDT 2008
"ragavgomatam" wrote : There is, I believe another way, without using FORM authentication, you can use Programmatic login (using WebAuthentication) . You will have to refer to the documentation for more details..Check out this url
| http://wiki.jboss.org/wiki/WebAuthentication
Hello, ragavgomatam!
I've been testing WebAuthentication, as suggested by you, and I'm getting some good, and also strange, results. Below are some tests that I made (with comments):
Test 1 (with a valid user and password):
| WebAuthentication authentication = new WebAuthentication();
| authentication.login("90000005", "1vgd4m");
| System.out.println(context.getUserPrincipal()); // 90000005
| System.out.println(context.isUserInRole("USUARIO")); // true
| System.out.println(context.isUserInRole("ADMINISTRADOR")); // true
|
| // Session bean method call ok
| System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
|
| authentication.logout();
| System.out.println(context.getUserPrincipal()); // null
| System.out.println(context.isUserInRole("USUARIO")); // false
| System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
|
Test 2 (without a valid user and password):
| WebAuthentication authentication = new WebAuthentication();
| authentication.login("90000005abc", "1vgd4mabc");
| System.out.println(context.getUserPrincipal()); // null
| System.out.println(context.isUserInRole("USUARIO")); // false
| System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
|
| // Session bean method call ok (but why?)
| System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
|
| authentication.logout();
| System.out.println(context.getUserPrincipal()); // null
| System.out.println(context.isUserInRole("USUARIO")); // false
| System.out.println(context.isUserInRole("ADMINISTRADOR")); // false
|
Test 3 (without authentication):
| // Session bean method call ok (but why? this is very strange)
| System.out.println(FabricaDados.getInstancia().getLocalizadorCampi().localizarCampi().get(0).getNome()); // 'CRAJUBAR'
|
Could you explain why the session bean's method calls are working even with an invalid user and even without authentication?
Thank you.
Marcos
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169664#4169664