Hi everyone.
I am developing a web application and trying to achieve the following:
When accessing session beans I want the bean's caller identity to be a constant 
value not related to the user login information. Reason: I am using beans 
defined in another web application which uses container managed authentication 
and there is a caller identity /principal name/ check within a filter.
So far I have tried to make my own CustomLoginModule which takes the principal 
name and roles from the options map. I have a "dummy" login page with a hidden 
form having both j_username and j_password fields empty. The form action is 
j_security_check, and it's invoked automatically. 
Everything looks fine when I start the application: the automated login process 
leads me to my web app welcome page and I have the following request attribute:
j_subject = Subject: Principal: myPrincipal Principal: Roles(members:myRoles)
But when I obtain a session bean its caller identity is void (principal name == 
"", roles == "")
I found out that those values within the caller identity are the values of 
j_username and j_password, and I cannot set them outside of the form. 
Trying to find out what j_security_check does, I found the Catalina 
source used for the container managed authentication within the Tomcat 
container.
Here is a snippet that got my attention:

public class Constants {
    // ...
    public static final String FORM_PASSWORD = "j_password";
    public static final String FORM_USERNAME = "j_username";
    // ...
}

public class FormAuthenticator extends AuthenticatorBase {
    // ...
    public boolean authenticate(HttpRequest request, HttpResponse response,
                                LoginConfig config) throws IOException {
        // ...
        Realm realm = context.getRealm();
        // Credentials are read from the submitted form parameters
        String username = hreq.getParameter(Constants.FORM_USERNAME);
        String password = hreq.getParameter(Constants.FORM_PASSWORD);
        if (debug >= 1)
            log("Authenticating username '" + username + "'");
        principal = realm.authenticate(username, password);
        // ...
    }
}

I believe this piece of code does the principal registration, and when I have no 
j_username and j_password specified within the login form I am having a void 
caller identity.
I wondered if I can obtain a reference to the realm within my 
CustomLoginModule.initialize() or login() methods.

Or if there is a way to impersonate my web application and set a constant 
"caller identity". This will be even better.

Thanks in advance for your advice.


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3900276#3900276