I think I am going through the same kind of problem.
All my login process is made from a bunch of code inside a class that is hooked to a session (as an attribute).
Like for Craig, the login step passes successfully (telling me when a user is not in my database or when a bad password is given...) but when the next calls from the servlet to the SLSB are made, they do not go through the client's session loginContext, thus not providing any principals to JBoss.
In the servlet, I do something like this:
<code>
/*
 * I retrieve the LoginInfo:
 * a class that holds username, password, LoginContext and flags
 */
LoginInfo login = (LoginInfo) (context.getHttpSession().getAttribute("LoginInfo"));

/*
 * If not logged in, log in.
 * This step is *no problem*:
 * it uses the databaseLoginModule specified in login-config.xml
 */
if (!login.isLogged()) {
    login.login();
}

/*
 * Call the SLSB method through the singleton that holds interface references.
 * This step *fails* as JBoss says that no principals are associated with the call
 */
Vector tasks = RemoteHomeCaching.getInstance().getCalendrier().getTasksByPersonneNameAndDate(login.getUserName(), today, today);
</code>
Is it a dead end?
Thanks, ionel
Scott M Stark wrote:
That is not going to work as you're going outside of the standard mechanisms for propagating security to the web container. You have to integrate deeply with the web container using a custom valve, for example, in Tomcat.
Scott Stark
Chief Technology Officer
JBoss Group, LLC

----- Original Message -----
From: "Craig Berry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 03, 2003 1:54 PM
Subject: RE: [JBoss-user] auth login config file from JSP
Again, form-based login works fine with this setup. But if I try to do a login from code in a servlet, like this:
LoginContext lc = new LoginContext("userdb", this);
lc.login();
(with 'this' providing a callback that gives the special username and
password required in this situation), I get no sign of a login failure,
and the resulting lc can provide a Subject with the seemingly correct
information in it, but nonetheless when I hit a protected servlet after
this code has run I get shunted over to my login form as if no
authentication had occurred.
Please help; I'm tearing my hair out trying to understand this!
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
