Is it really necessary to learn JAAS in order to authenticate users
in complex J2EE systems??
More API to learn, more complication and headache.
I would try to get away with it if I can.
Regards
----- Original Message -----
From: "Leandro Melo" <[EMAIL PROTECTED]>
To: "struts jakarta" <[EMAIL PROTECTED]>
Sent: Friday, August 20, 2004 4:40 PM
Subject: Struts login with JAAS (Part 2)
> I'm back!
> After getting some jaas studies, i'm a little bit
> better, so i can now formulate a better question.
>
> Here it is... (I know that this is not only a Struts
> question, because it envolves jaas, but i'm pretty
> sure that people over here could give me some advise
> on how to handle the problem).
>
>
> I got my application protected with JAAS, so users
> cannot access any pages or servles withou a login. I
> build then an Action to handle login stuff.
>
> Heres the code of my LoginAction (execute method).
>
> //...
> String j_username =
> (String)request.getParameter("j_username");
> String x = (String)request.getParameter("j_password");
>
> if (x != null){
> j_password = x.toCharArray();
> handler = new UsernamePasswordHandler(j_username,
> j_password);
> }
>
> LoginContext lc = null;
>
> try {
> lc = new LoginContext("example2", handler);
> lc.login();
>
>
> //this part doesn't matter very much
> Subject subject = lc.getSubject();
> Set principals = subject.getPrincipals();
> Principal user = new SimplePrincipal(j_username);
> principals.add(user);
>
> } catch (LoginException e) {
> // TODO Auto-generated catch block
> e.printStackTrace();
> throw new Exception();
> }
>
> return mapping.findForward("index");
>
>
>
> The above code runs perfectly! It logs the user
> correctly and then i'm forwared to my index page.
> [b]But[/b], when i get to index, everything is gone!!!
> I'm not logged anymore. If i try to access another
> page in my application, i'm redirect to the login.jsp
> page again!!!
>
> I heard that this is because the multi-thread
> characteristic of the servlets, but
>
> How can i workaround this??? how can i make this
> maintain my login through the rest of my session???
>
>
> Here's a piece of login-config.xml
>
> <application-policy name = "client-login">
> <authentication>
> <login-module code =
> "org.jboss.security.ClientLoginModule"
> flag = "required">
> </login-module>
> </authentication>
> </application-policy>
>
>
>
> <application-policy name="example2">
> <authentication>
> <login-module
> code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
> flag="required">
> <!--<module-option
>
name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Default
DS</module-option>-->
> <module-option
> name="dsJndiName">java:/DefaultDS</module-option>
> <module-option name="principalsQuery">Select
> Password from Principals where PrincipalID
> =?</module-option>
> <module-option name="rolesQuery">Select Role
> 'Roles', RoleGroup 'RoleGroups' from Roles where
> PrincipalID =?</module-option>
> </login-module>
> </authentication>
> </application-policy>
>
>
> Thanks and regards,
> Leandro
>
>
>
>
>
> _______________________________________________________
> Yahoo! Acesso Gr�tis - navegue de gra�a com conex�o de qualidade!
> http://br.acesso.yahoo.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
