changing password after jaas login, update the Subject?

 
Greenhorn
Posts: 23
Hi
I have extended the JAAS UsernamePasswordLoginModule for my login. I have a console where I change the logged-in user's password. This results in the need to log in again to do anything else, presumably cos the principal no longer matches what's in the DB.
So, can I get the Subject and update the relevant Principal or add a new Principal to the Subject with the new password? If so, how do I get the current Subject?
Any suggestions would be greatly appreciated.
 
Ranch Hand
Posts: 80
Hi Busty,
I don't think you are able to fiddle with the logged-in principal in the manner you discuss. If you are using J2EE, and you expect this principal to be propagated to downstream servers, then you need to rely on the container's impl. For example, in WebSphere, an LTPA token is generated that contains the user id and password, and so in your example, once the password changes, the token becomes invalid, and WAS will likely throw an exception when trying to reestablish the credentials.
I would simply re-login the user by calling the LoginModule with the new userid and password. I've never done this before, but I would hope the LoginModule would overwrite the existing credentials. In fact, you could just call the JAAS logout first to ensure this happens.
Let me know what you think or how it turns out.
--Dave.
 
Busty Sinclair
Greenhorn
Posts: 23
Hi Dave
Thanks for your reply. Sorry, I didn't give enough info there. I am using J2EE, JBoss3.0.6 bundled with Tomcat. I use FORM authentication to log in. As you may or may not know, when using FORM authentication, your form must submit to 'j_security_check' and the web.xml indicates which loginmodule to use. The underlying servlet the form submits to is not visible, so I don't actually know what way to use the loginModule to log in programmatically.
I know that there's something about populating a callback handler within the loginContext before calling the module's login function, but I am not sure how to go about this.
I tried the following but it just told me the password was incorrect...which it wasn't, so it's not working, but I've no idea why:

If you can point me in the right direction, I'd really appreciate it.
Thanks
B
[ February 18, 2004: Message edited by: Busty Sinclair ]
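
An added example, not part of any post above and not JBoss's own code: a programmatic JAAS login in which a CallbackHandler hands the user name and the new password to the login module, with a logout first as suggested in the reply above. The entry name `example-domain`, the user `alice`, the password value and the class and method names are assumptions, and a JAAS login configuration with that entry name must already exist; how a container's FORM-authenticated web session relates to the resulting Subject is container-specific and not shown.

```java
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class Relogin {
    /** Answers the NameCallback and PasswordCallback a username/password LoginModule issues. */
    static CallbackHandler handlerFor(final String user, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password); // stores a copy
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    /** Logs out the old context (if any), then authenticates again with the new password. */
    static LoginContext relogin(LoginContext old, String entry, String user, char[] newPassword)
            throws LoginException {
        if (old != null) {
            old.logout(); // each LoginModule removes the principals and credentials it added
        }
        LoginContext lc = new LoginContext(entry, handlerFor(user, newPassword));
        try {
            lc.login(); // throws LoginException if the module rejects the credentials
        } finally {
            Arrays.fill(newPassword, '\0'); // do not keep the clear-text password in memory
        }
        return lc;
    }

    public static void main(String[] args) throws LoginException {
        // "example-domain", "alice" and the password are constructed placeholder values.
        LoginContext lc = relogin(null, "example-domain", "alice", "new-secret".toCharArray());
        Subject subject = lc.getSubject();
        System.out.println("Principals: " + subject.getPrincipals());
    }
}
```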