struts-user mailing list archives

From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: Last question on JAAS I promise
Date Tue, 09 Aug 2005 14:22:44 GMT
Before going any further with it on your own, perhaps you can integrate 
your JAAS module with sslext.

Mark Benussi on 09/08/05 11:36, wrote:
> Um wow.... so Form authentication works but not my own.
> 
> That's fine then, I can get the Subject that has been authenticated but 
> how do I place the Principals returned from the LoginContext Subject and 
> make them available to the session so that I can do request.isUserInRole? 
> Is there a session variable I have to set?
> 
> ----Original Message Follows----
> From: Adam Hardy <ahardy.struts@cyberspaceroad.com>
> Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
> To: Struts Users Mailing List <user@struts.apache.org>
> Subject: Re: Last question on JAAS I promise
> Date: Tue, 09 Aug 2005 09:49:59 +0100
> 
> Mark Benussi on 09/08/05 08:39, wrote:
> 
>> OK I got JAAS working with form authentication. That worked a treat
>> (After a bit of head banging).
>>
>> I then moved to invoking the login from Struts (Or a Servlet for Tomcat
>> users who don't use Struts)
>>
>> The code still gets invoked correctly.
>>
>> IBTJAASCallbackHandler callbackHandler =
>>     new IBTJAASCallbackHandler(loginForm.getUserName(), loginForm.getPassword());
>> LoginContext context = new LoginContext("IBTJAAS", callbackHandler);
>> context.login();
>>
>> However the request.remoteUser() is now null (Was populated correctly
>> when I used form authentication) and the same for request.isUserInRole()
>> (It returns false, even though the Principal was added to the subject).
>>
>> Any ideas...?
> 
> 
> I could be totally wrong but I believe that I have read about people 
> trying this before, and that the answer was that you have to do it all 
> yourself.
> 
> I hesitate to say that since I'm not 100% sure but I think it's true 
> because it makes sense that the container (request.isUserInRole etc) 
> would know nothing about what you are doing with LoginContext and 
> CallbackHandler. I don't think there is any code in LoginContext that 
> injects your info into the servlet container, is there?
> 
> In this situation, you would override the HttpServletRequest class, 
> overriding those methods with your own so that they look for your login 
> info and return user objects, roles etc when required.
> 
> You could ask on the tomcat user list but I too have found it difficult 
> to get help there.
> 
> 
> Adam
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 
