geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Any example on how to implement a programmatic login with geronimo security?
Date Mon, 21 Feb 2011 01:10:16 GMT
It's not entirely clear what you want to do.

The documentation you point to is still fairly accurate but not really relevant IIUC.

In servlet 3.0 (implemented in geronimo 3.0, not yet released but this part is working), there
are new methods on HttpServletRequest where you can either force a login (e.g. form or basic)
that has been otherwise configured for the web app or login using username and password you
have collected yourself somehow.  After this login all container managed security will work
just as if the user had tried to access a protected resource and been logged in automatically.

Before servlet 3.0 you can always get some credentials and login but the resulting subject
won't automatically be known to the container and container managed security won't work at
all unless you do something to register the result.

 I think I've given some advice on how to do this on the user list in the past.  IIRC you
want to do something like

LoginContext lc  =, callbackHandler);
ContextManager.setCallers(lc.getSubject(), lc,getSubject());
//do work


hope this helps
david jencks

On Feb 20, 2011, at 4:26 PM, Andreas Bohnert wrote:

> dear list,
> there is an example (time report) on how to configure a form based login (j_security_check)
but how am I'm doing a programmatic login with geronimo?
> I can not find any references on how to do this with geronimo 2.x
> I found this, but I wonder if it is still up to date:
> If the above documentation is obsolet:
> Do I need to write a login-config.xm and how does it look like?
> Are there any callbackhandler implementations that I can pass to a LoginContext?
> Any help is very much appreciated.
> Andreas
View raw message