Hi,
I've got a really big problem that I must figure a way out of.

I've got my application protected with JAAS, so users cannot access any pages or servlets 
without a login. There's only one servlet (which is not secure) that is the one that 
actually logs the user in.

Here's the code of my login servlet.

  | //...
  | String j_username = (String)request.getParameter("j_username");
  | String x = (String)request.getParameter("j_password");
  | 
  | if (x != null){
  |     j_password = x.toCharArray();
  |     handler = new UsernamePasswordHandler(j_username, j_password);
  | }
  | 
  | LoginContext lc = null;
  | 
  | try {
  |     lc = new LoginContext("example2", handler);
  |     lc.login();
  | 
  |     //this part doesn't matter very much
  |     Subject subject = lc.getSubject();
  |     Set principals = subject.getPrincipals();
  |     Principal user = new SimplePrincipal(j_username);
  |     principals.add(user);
  | 
  | } catch (LoginException e) {
  |     // TODO Auto-generated catch block
  |     e.printStackTrace();
  |     throw new Exception();
  | }
  | 
  | // redirect to other page...
  | 

The above code runs perfectly! It logs the user in correctly and then I'm forwarded to 
some other page.
But, when I get to this other page, everything is gone!!! I'm not logged in anymore. If I 
try to access another page in my application, I'm redirected to the login.jsp page 
again!!!

I heard that this is because of the multi-threaded characteristic of servlets, but 
how can I work around this??? How can I make this maintain my login through the rest of 
my session???


Here's a piece of login-config.xml

  | <application-policy name = "client-login">
  |    <authentication>
  |       <login-module code = "org.jboss.security.ClientLoginModule"
  |          flag = "required">
  |       </login-module>
  |    </authentication>
  | </application-policy>
  | 
  | <application-policy name="example2">
  |    <authentication>
  |       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  |          <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>-->
  |          <module-option name="dsJndiName">java:/DefaultDS</module-option>
  |          <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
  |          <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
  |       </login-module>
  |    </authentication>
  | </application-policy>
  | 

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3845677#3845677
