Hello all,
I'm attempting to perform a JAAS login via a
servlet. I'm not using a FORM based login, but I'm passing the username and password as request parameters. I'm going off examples in the
Java Servlet &
JSP Cookbook, but here is a code snippet:
The authentication works and my custom LoginModule class sets separate User and Role Principals in the Subject, however it doesn't seem to be maintained in the session - when I try to access other pages in the protected resource it won't let me. Calling request.isUserInRole(), getUserPrincipal() returns false and null, respectively.
Is there a session attribute I have to manually set when authentication succeeds, for this to work? Or shouldn't JAAS do that automatically?