This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Security and the fly likes JAAS with JSF misunderstanding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS with JSF misunderstanding" Watch "JAAS with JSF misunderstanding" New topic

JAAS with JSF misunderstanding

Lukas Hnatuk

Joined: May 31, 2010
Posts: 10
Hi, i am trying to develop JSF based application with JAAS, but i stuck over a 3 weeks with it and I would appriciate some help.
I have a login page, lets assume it looks like this:

After login, I get the usenmae and password to the loginManagedBean a call my EJB. EJB has this method:

I do the authentication and if i did lc.getSubject() i see the thinks i need.
Here is the problem: When i leave this method, i cannot find any way get the Subject i just logged in. Is there some way, or i am doing it completly wrong.
The reason why I do not want to use j_username with j_password and some realm is, that I would like to have more control over application(eg redirecting each user to a different page(admins,users...) and i cant find the way.
Can you please tell me, what I am doing wrong, or post some little code, to understand this.
I read the JAAS tutorials, but still i am a lot confused.

My second questin is, how do I find the roles i put to the user?

Here is the LoginModule login and commit methods ( i found some tutorial here, so they are only copied from here:

Sever: GlassFish v3
JSF 2.1
Mostly using NetBeans
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: JAAS with JSF misunderstanding
It's not a secret anymore!