Mark, sorry to not be a ton of help here, but I'm away from some code I have where I know I did this (meaning, I invoked my LoginModule manually instead of using container-based auth). I did this with JBoss, not Tomcat, as I recall. And yes, it does have something to do with writing a CallbackHandler. That is the guy who gathers credentials at the time of authentication. In your case, the CallbackHandler implementation would have the username and password for example as instance fields. When the callback methods are invoked, your handler simply returns the values of those fields. You set the values of those fields when you instantiate your CallbackHandler in your Action code (based on whatever you gathered from your form). This seems weird, but the callback design makes more sense when you consider that the username and password might need to be provided right then and there on the command line in some other type of setup.
There is a white paper out there on the Web by Scott Stark (JBoss) on JAAS (I think it is called "JAAS HowTo"). It shows you how to write a CallbackHandler, how to invoke the LoginModule, etc. I couldn't find it in the quickest of searches but I still see many mentions of it. I'm not sure though how much adaptation will be involved if you are doing this with Tomcat. I remember trying to get help with this on the Tomcat User list, but got none. At least the source is available if you're really tenacious. If you cannot find the paper, I know I have a copy of it on another box. I could find it and send it to you . . . . I think I have that code lying around somewhere too (I hope I haven't lied about what I did . . . ). Good luck, Erik -----Original Message----- From: Mark Benussi <[EMAIL PROTECTED]> Sent: Aug 8, 2005 6:37 PM To: 'Struts Users Mailing List' <user@struts.apache.org> Subject: My first JAAS implementation. Part 2 OK. So I got the code working. Great! I can now login using form authentication and call the all important request.isUserInRole and more importantly <action roles="role1"> I now want to ditch this form authentication. It's not what I need as it doesn't give me enough control over my individual sites. My simple question is this. How can I submit a Struts form to a Struts action and then invoke my LoginModule? Is it something to do with writing a CallbackHandler? Your help and time is appreciated.. (Hate saying that but it sums it up nicely). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
