File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes JAAS with JSF misunderstanding Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Storm Applied this week in the Other Open Source APIs forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS with JSF misunderstanding" Watch "JAAS with JSF misunderstanding" New topic

JAAS with JSF misunderstanding

Lukas Hnatuk

Joined: May 31, 2010
Posts: 10
Hi, i am trying to develop JSF based application with JAAS, but i stuck over a 3 weeks with it and I would appriciate some help.
I have a login page, lets assume it looks like this:

After login, I get the usenmae and password to the loginManagedBean a call my EJB. EJB has this method:

I do the authentication and if i did lc.getSubject() i see the thinks i need.
Here is the problem: When i leave this method, i cannot find any way get the Subject i just logged in. Is there some way, or i am doing it completly wrong.
The reason why I do not want to use j_username with j_password and some realm is, that I would like to have more control over application(eg redirecting each user to a different page(admins,users...) and i cant find the way.
Can you please tell me, what I am doing wrong, or post some little code, to understand this.
I read the JAAS tutorials, but still i am a lot confused.

My second questin is, how do I find the roles i put to the user?

Here is the LoginModule login and commit methods ( i found some tutorial here, so they are only copied from here:

Sever: GlassFish v3
JSF 2.1
Mostly using NetBeans
I agree. Here's the link:
subject: JAAS with JSF misunderstanding