struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Last question on JAAS I promise
Date Tue, 09 Aug 2005 08:49:59 GMT
Mark Benussi on 09/08/05 08:39, wrote:
> OK I got JAAS working with form authentication. That worked a treat (After a
> bit of head banging).
> 
> I then moved to invoking the login from Struts (Or a Servlet for Tomcat
> users who don't use Struts)
> 
> The code still gets invoked correctly.
> 
> IBTJAASCallbackHandler callbackHandler = new
> IBTJAASCallbackHandler(loginForm.getUserName(), loginForm.getPassword());
> LoginContext context = new LoginContext("IBTJAAS", callbackHandler);
> context.login();
> 			
> However the request.remoteUser() is now null (Was populated correctly when I
> used form authentication) and the same for request.isUserInRole() (It
> returns false, even though the Principal was added to the subject).
> 
> Any ideas...?

I could be totally wrong but I believe that I have read about people 
trying this before, and that the answer was that you have to do it all 
yourself.

I hesitate to say that since I'm not 100% sure but I think it's true 
because it makes sense that the container (request.isUserInRole etc) 
would know nothing about what you are doing with LoginContext and 
CallbackHandler. I don't think there is any code in LoginContext that 
injects your info into the servlet container, is there?

In this situation, you would override the HttpServletRequest class, 
overriding those methods with your own so that they look for your login 
info and return user objects, roles etc when required.

You could ask on the tomcat user list but I too have found it difficult 
to get help there.


Adam



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message