This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Tomcat and the fly likes Passing information beyond username and password to JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Passing information beyond username and password to JAAS" Watch "Passing information beyond username and password to JAAS" New topic
Author

Passing information beyond username and password to JAAS

Jack Houghton
Greenhorn

Joined: Sep 29, 2008
Posts: 2
I have overidden the default security provider and wrote a custom LoginModule to authenticate to Tomcat 6.0.18. When a user successfully logs in, I write information to the database to track that the user logs in. I also add a cookie that maps the login to the information in the database. I do this to allow other web sites under the same domain (Apache/PHP) to see that the user is already logged in and allow them to access the protected components of those sites. This works the same way in the other direction. A user can log in to one of the other sites and the cookie is added. I would like to pass the cookie information to the LoginModule to verify that the user is logged in and authenticate to Tomcat. I was thinking of changing the user name to be some string and then the key value in the cookie in order that I may access the value via j_username, but I think that is a hack and would like to be able to pass dynamic information to the LoginModule. I know that you can pass information through the JAAS config file, but that is only for static data.

Any help is appreciated
Jack


<a href="https://www.notbaggage.com" target="_blank" rel="nofollow">https://www.notbaggage.com</a><br /><a href="http://hicus.com" target="_blank" rel="nofollow">http://hicus.com</a>
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Passing information beyond username and password to JAAS
 
Similar Threads
Using JAAS
Log in and have profile ???
Using JAAS/Struts for enrollment authentication
Weblogic 8.1 / JAAS Authentication
Application Security Suggestions Needed