Hey all, System: Tomcat 6.0.15, JDK 6.0, Windows Vista BE.
I've been tasked with creating a custom login module that will integrate with our current system (which uses the ole request.getRemoteUser() call some). I need to figure out what I'm not doing to integrate with the Tomcat container: My problem is that event though I have the right information in the subject, the tomcat container does not recognize the user as logged in, nor does request.getRemoteUser() change from being null. Any ideas?

/**
 * Page bean that performs a JAAS login by hand and returns a navigation outcome string
 * (presumably a JSF backing bean, given FacesUtils; confirm).
 *
 * FacesUtils and HttpAuthCallbackHandler are the poster's own classes and are not shown here.
 */
public class SomePage {

    /**
     * Gets or creates the HTTP session, takes the Subject stored under
     * "javax.security.auth.subject" (creating an empty one if absent), and runs the "Jaas"
     * login configuration against it.
     *
     * NOTE(review): nothing in this method hands the authenticated identity to the servlet
     * container; it only fills the Subject kept in the session. request.getRemoteUser()
     * reflects the container's own authentication, which in Tomcat is driven by the configured
     * Realm (a JAASRealm exists for JAAS modules), so it would be expected to stay null on
     * this path. Confirm against the Tomcat realm documentation.
     *
     * NOTE(review): the session obtained before the login is reused unchanged afterwards. If
     * this session later carries authenticated state, issuing a fresh session on success is the
     * usual guard against session fixation.
     *
     * @return "failure" if creating the LoginContext or logging in throws, otherwise "vhr"
     */
    public String login() {
        HttpServletResponse response = FacesUtils.getResponse();
        HttpServletRequest request = FacesUtils.getRequest();
        HttpSession session = request.getSession(true);
        Subject subject = (Subject) session
                .getAttribute("javax.security.auth.subject");
        if (subject == null) {
            subject = new Subject();
        }
        // The Subject is written to the session before any authentication has happened, so an
        // unauthenticated (empty) Subject is already visible to other code reading this attribute.
        session.setAttribute("javax.security.auth.subject", subject);
        LoginContext lc = null;
        try {
            lc = new LoginContext("Jaas", subject, new HttpAuthCallbackHandler());
            System.out.println("established new logincontext");
        } catch (LoginException le) {
            try {
                le.printStackTrace();
                // The request URI is passed as the error message of the 403 response.
                response.sendError(HttpServletResponse.SC_FORBIDDEN, request
                        .getRequestURI());
            } catch (IOException ioE){
                ioE.printStackTrace();
            }
            return "failure";
        }
        try {
            lc.login();
            // if we return with no exception, authentication succeeded
        } catch (Exception e) {
            // Catches every Exception, not only LoginException, so a programming error inside
            // a login module is reported the same way as bad credentials.
            try {
                System.out.println("Login failed: " + e);
                response.sendError(HttpServletResponse.SC_FORBIDDEN, request
                        .getRequestURI());
            } catch (IOException ioE){
                ioE.printStackTrace();
            }
            return "failure";
        }
        try {
            // NOTE(review): this writes the Subject's string form to stdout; that form lists
            // its principals and may include credentials. Keep it out of production logs.
            System.out.println("Subject is " + lc.getSubject());
            //chain.doFilter(request, response);
        } catch (SecurityException se) {
            try {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, request
                        .getRequestURI());
            } catch (IOException ioE){
                ioE.printStackTrace();
            }
            // No return here: after sending the 403 the method still falls through to "vhr".
        }
        return "vhr";
    }
}

/**
 * Excerpt of the custom JAAS LoginModule; only commit() is shown.
 *
 * The fields succeeded, subject, username, password, debug, commitSucceeded and userPrincipal,
 * and the helper assignPrincipal, are declared outside this excerpt.
 */
public class EmergencyLoginModule implements LoginModule{

    /**
     * Second phase of the JAAS login: when this module's login succeeded, adds the user
     * principal (and a fixed "role" principal) to the Subject and clears the cached
     * credentials.
     *
     * NOTE(review): this returns true even when succeeded is false. Under the LoginModule
     * contract, false tells the LoginContext to ignore this module; returning true for a
     * module whose own login failed is worth checking against that contract.
     *
     * @return always true
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {
        if (succeeded) {
            if (subject.isReadOnly()){
                throw new LoginException("Subject is readonly!");
            }
            // add a Principal (authenticated identity)
            // to the Subject
            // assume the user we authenticated is the SamplePrincipal
            userPrincipal = new UserPrincipal(username);
            assignPrincipal(userPrincipal);
            // NOTE(review): every authenticated user gets the same hard-coded principal named
            // "role", and it has the same class as the user principal. A container realm that
            // tells users from roles by principal class would need a distinct role class;
            // confirm against the realm configuration.
            assignPrincipal(new UserPrincipal("role"));
            if (debug) {
                System.out.println("\t\t[SampleLoginModule] "
                        + "added SamplePrincipal to Subject");
            }
            // in any case, clean out state
            username = null;
            // Overwrite the password characters before dropping the reference so the value
            // does not linger in this array. Assumes password is non-null here; confirm.
            for (int i = 0; i < password.length; i++)
                password[i] = ' ';
            password = null;
            commitSucceeded = true;
        }
        return true;
    }
}

Rob