It's not entirely clear what you want to do. The documentation you point to is still fairly accurate but not really relevant IIUC.
In servlet 3.0 (implemented in geronimo 3.0, not yet released but this part is working), there are new methods on HttpServletRequest where you can either force a login (e.g. form or basic) that has been otherwise configured for the web app or login using username and password you have collected yourself somehow. After this login all container managed security will work just as if the user had tried to access a protected resource and been logged in automatically. Before servlet 3.0 you can always get some credentials and login but the resulting subject won't automatically be known to the container and container managed security won't work at all unless you do something to register the result. I think I've given some advice on how to do this on the user list in the past. IIRC you want to do something like LoginContext lc = org.apache.geronimo.security.ContextManager.login(realm, callbackHandler); ContextManager.registerSubject(lc.getSubject()); ContextManager.setCallers(lc.getSubject(), lc,getSubject()); //do work ContextManager.clearCallers(); ContextManager.unregisterSubject(lc.getSubject()); lc.logout(); hope this helps david jencks On Feb 20, 2011, at 4:26 PM, Andreas Bohnert wrote: > dear list, > > there is an example (time report) on how to configure a form based login > (j_security_check) but how am I'm doing a programmatic login with geronimo? > I can not find any references on how to do this with geronimo 2.x > > I found this, but I wonder if it is still up to date: > http://docs.huihoo.com/apache/geronimo/1.0/geronimo-and-jaas.html > > If the above documentation is obsolet: > Do I need to write a login-config.xm and how does it look like? > Are there any callbackhandler implementations that I can pass to a > LoginContext? > > Any help is very much appreciated. > > Andreas > .
