Hi, I have extended the JAAS UsernamePasswordLoginModule for my login. I have a console where I change the logged-in user's password. This results in the need to log in again to do anything else, presumably cos the principal no longer matches what's in the DB. So, can I get the Subject and update the relevant Principal, or add a new Principal to the Subject with the new password? If so, how do I get the current Subject? Any suggestions would be greatly appreciated.
Hi Busty, I don't think you are able to fiddle with the logged-in principal in the manner you discuss. If you are using J2EE, and you expect this principal to be propagated to downstream servers, then you need to rely on the container's impl. For example, in WebSphere, an LTPA token is generated that contains the user id and password, and so in your example, once the password changes, the token becomes invalid, and WAS will likely throw an exception when trying to reestablish the credentials. I would simply re-login the user by calling the LoginModule with the new userid and password. I've never done this before, but I would hope the LoginModule would overwrite the existing credentials. In fact, you could just call the JAAS logout first to ensure this happens. Let me know what you think or how it turns out. --Dave.
Hi Dave, thanks for your reply. Sorry, I didn't give enough info there. I am using J2EE, JBoss 3.0.6 bundled with Tomcat. I use FORM authentication to log in. As you may or may not know, when using FORM authentication, your form must submit to 'j_security_check' and the web.xml indicates which login module to use. The underlying servlet the form submits to is not visible, so I don't actually know how to use the LoginModule to log in programmatically. I know that there's something about populating a callback handler within the LoginContext before calling the module's login function, but I am not sure how to go about this. I tried the following but it just told me the password was incorrect... which it wasn't, so it's not working, but I've no idea why:
If you can point me in the right direction, I'd really appreciate it. Thanks, B [ February 18, 2004: Message edited by: Busty Sinclair ]
subject: changing password after jaas login, update the Subject?