We have a solution for Web applications deployed on the same JBoss Instance to
delegate Authentication to a different co-hosted web application.
Essentially, for Web Application/Module ABC1, ABC2, a Servlet Filter checks
for Request/Session parameters (for example USER_NAME, etc). If the Servlet
Filter does not find a user in request/session, then it forwards the Request to
the LOGON_XYZ Web App responsible for Authentication.
The LOGON_XYZ web application authenticates the User by validating the
credentials provided by the User.
Once the User is successfully Authenticated, the LOGON_XYZ web application a)
Sets the User information in the Request b) forwards the Request to the ABC1
web application. The ABC1 Web app Servlet Filter checks and finds a User in
the Request and allows the User to continue to the requested page flow.
The Servlet Filter code is somewhat like this:
| package somepackage;
|
| import java.io.IOException;
| import javax.servlet.Filter;
| import javax.servlet.FilterChain;
| import javax.servlet.FilterConfig;
| import javax.servlet.RequestDispatcher;
| import javax.servlet.ServletContext;
| import javax.servlet.ServletException;
| import javax.servlet.ServletRequest;
| import javax.servlet.ServletResponse;
| import javax.servlet.http.HttpServletRequest;
| import javax.servlet.http.HttpSession;
|
| /**
|  * MyServletFilter intercepts the host web application's requests and
|  * inspects them to verify whether a User is logged in.
|  * If a User is not logged in to the host web application, the User is
|  * forwarded to the LOGON_XYZ web application for Authentication.
|  * @author parmarv
|  */
| public class MyServletFilter implements Filter {
|
|     private FilterConfig filterConfig = null;
|
|     // This method is called once on server startup
|     public void init(FilterConfig filterConfig) {
|         this.filterConfig = filterConfig;
|     }
|
|     // This method is called once on server shut down
|     public void destroy() {
|         this.filterConfig = null;
|     }
|
|     public void doFilter(ServletRequest request, ServletResponse response,
|             FilterChain chain) throws IOException, ServletException {
|
|         // Check whether the User attribute is available in the session.
|         boolean invokeLOGON_XYZ = false;
|         if (request instanceof HttpServletRequest) {
|             HttpSession session = ((HttpServletRequest) request).getSession(true);
|             if (session.isNew()) {
|                 // New session, so nobody has logged in yet. Invoke LOGON_XYZ.
|                 invokeLOGON_XYZ = true;
|             } else if (session.getAttribute("USER_NAME_TOKEN_OR_ID") == null) {
|                 // User is not logged in since USER_NAME_TOKEN_OR_ID is not available.
|                 // Invoke LOGON_XYZ.
|                 invokeLOGON_XYZ = true;
|             }
|             // Otherwise the User is logged in since USER_NAME_TOKEN_OR_ID is available.
|         }
|
|         if (invokeLOGON_XYZ) {
|             // Fail closed: never fall through to the chain when the
|             // forward to LOGON_XYZ cannot be set up.
|             if (filterConfig == null) {
|                 throw new ServletException("MyServletFilter is not initialised");
|             }
|             String appContextLOGON_XYZ = filterConfig.getInitParameter("LOGON_XYZ_CONTEXT");
|             String dispatchPath = "/ABC1_User_home.jsp";
|             // getContext() returns null when cross-context access is not allowed.
|             ServletContext sc = filterConfig.getServletContext().getContext("/" + appContextLOGON_XYZ);
|             if (sc == null) {
|                 throw new ServletException("Cannot access context /" + appContextLOGON_XYZ);
|             }
|             RequestDispatcher rd = sc.getRequestDispatcher(dispatchPath);
|             rd.forward(request, response);
|             return;
|         }
|
|         // Continue normal operation. The chain is invoked exactly once.
|         chain.doFilter(request, response);
|     }
| }
|
This solution only works for Web applications that DO NOT use JBoss Container
Managed Security. This solution is advisable as a workaround solution only. I
am currently working on a solution for the same for the current issue for my
project.
I have posted this solution only to show that it is possible to use a second
web app to delegate the authentication logic to.
HTH,
vparmar
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210866#4210866
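
The post describes ABC1's filter finding the User that LOGON_XYZ placed in the Request, a step the posted filter does not show. The following is an added example, not the poster's code: it assumes LOGON_XYZ sets a request attribute named USER_NAME_TOKEN_OR_ID (name reused from the post) before forwarding back, and `ForwardedLoginAdopter` is a hypothetical helper name.

```java
// Added example, not the poster's code. Assumption: LOGON_XYZ sets the
// authenticated user as a request ATTRIBUTE named USER_NAME_TOKEN_OR_ID
// before forwarding the request back to ABC1.
package somepackage;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public final class ForwardedLoginAdopter { // hypothetical helper name

    static final String USER_KEY = "USER_NAME_TOKEN_OR_ID";
    // Set by the container on RequestDispatcher.forward() (Servlet 2.4+).
    static final String FORWARD_MARKER = "javax.servlet.forward.request_uri";

    private ForwardedLoginAdopter() {
    }

    /**
     * Returns true if a user is logged in to this web app, adopting the
     * identity handed over by LOGON_XYZ when one is present.
     */
    public static boolean isAuthenticated(HttpServletRequest req) {
        // An HttpSession is scoped to one web app, so ABC1 keeps its own copy.
        HttpSession session = req.getSession(false);
        if (session != null && session.getAttribute(USER_KEY) != null) {
            return true; // already logged in to this web app
        }
        // Request attributes are set by server-side code only; request
        // parameters come from the client. Never use req.getParameter(USER_KEY).
        Object user = req.getAttribute(USER_KEY);
        boolean forwarded = req.getAttribute(FORWARD_MARKER) != null;
        if (!forwarded || !(user instanceof String) || ((String) user).length() == 0) {
            return false; // nothing handed over: caller forwards to LOGON_XYZ
        }
        // Drop the pre-login session so a session id fixed before login is not reused.
        if (session != null) {
            session.invalidate();
        }
        req.getSession(true).setAttribute(USER_KEY, user);
        return true;
    }
}
```

For the filter to see the request that LOGON_XYZ forwards back, its `filter-mapping` in web.xml must list the `FORWARD` dispatcher in addition to `REQUEST`.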