[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

Wolfgang Knauf do-not-reply at jboss.com
Tue Oct 13 05:50:39 EDT 2009


Hi Michael,

I hope that I am not too annoying by insisting on the use of "WebAuthentication", but I still think that your use case should basically work with it. I am not sure whether the problems result from usage of it in the Struts2 action or whether they are a matter of some other error.

First of all: to get the servlet request inside your Action, implement the interface "org.apache.struts2.interceptor.ServletRequestAware" instead of calling "ServletActionContext.getRequest()". Maybe the latter creates a new request instance where the login information is missing.

To test the login stuff, I would advise you to create a completely new web client for your app without struts, and use a plain servlet to perform a login in "doGet" or "doPost". If this works, then you know that your login module is OK and you can continue with your "real" app.

Your concerns about "j_security_check" and form based login: take a look at this link: http://roneiv.wordpress.com/2008/03/15/using-webauthentication-in-jboss/ . Though it is for JSF, it shows how to use a login form with a custom login servlet.

Hope this helps

Wolfgang

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260033#4260033
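The isolation test suggested in the post above (a plain servlet that logs in through WebAuthentication, with no Struts involved) could look like the following. This is an added example, not part of the original post: the package, servlet name and the "username"/"password" parameter names are hypothetical, and it assumes the web application is bound to the security domain of the login module under test in jboss-web.xml.

```java
package example.logintest; // hypothetical package name

import java.io.IOException;
import java.security.Principal;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jboss.web.tomcat.security.login.WebAuthentication;

/** Minimal servlet for checking the login module in isolation. */
public class LoginTestServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Credentials are read from the POST body only, so they do not
        // end up in URLs or access logs. Parameter names are assumptions.
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "username and password are required");
            return;
        }

        // Programmatic login against the web application's security domain.
        WebAuthentication auth = new WebAuthentication();
        if (!auth.login(user, pass)) {
            // Same response for unknown user and wrong password.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "login failed");
            return;
        }

        // After a successful login the container request is expected to
        // carry the caller identity that secured EJB calls will see.
        Principal caller = req.getUserPrincipal();
        resp.setContentType("text/plain");
        resp.getWriter().println("login ok, principal = "
                + (caller == null ? "<none>" : caller.getName()));
    }
}
```

If this servlet reports a principal but the Struts2 action still gets "caller unauthorized", the login module is fine and the problem lies in how the action obtains its request.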
