Hi,

I have a proprietary client which sends a hardware ID in the http request for 
authenticating the device.

But we want to use the standard J2EE security mechanisms in our application and 
use the vendor neutral api request.isUserInRole() and getRemoteUser().

So I developed an Authenticator extending AuthenticatorBase. This authenticator 
takes the device identifier from the request and looks up a username and 
password in a device table in the database. So I have a mapping from the device 
id to a username and password.
These credentials are used to authenticate the user to the jboss security 
modules:

        Principal principal = realm.authenticate(username, password);
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }

        // Save the authenticated Principal in our session
        session.setNote(Constants.SESS_USERNAME_NOTE, principal);
        request.setUserPrincipal(principal);
        request.setAuthType("PENSERIAL");
        return true;

This approach works if the device id comes in the request headers of the http 
request. But unfortunately the device identifier is stored in a multipart 
request body. So I would have to access the body of the request in the 
authenticator. But if I access the body in the authenticator the servlet will 
get streaming errors accessing the body after the authenticator was executed.

So the approach with the authenticator does not help me. Is there a possibility 
to execute a login to the jboss container from inside the servlet so that the 
request is modified from the container to contain the principal and the 
isUserInRole method succeeds?

Something like 

JBossAPI.getSecurityRealm().authenticate(username,password);

Regards
Jochen

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3956529#3956529
