
JAAS and Tomcat container managed authentication


I'm currently looking into using JAAS for authentication of J2EE webapps. I've got a couple of questions I haven't been able to answer while I've been setting up a test environment on Tomcat 5.5.

1. I've successfully built a JSP page that uses the j_username and j_password fields which submit to j_security_check. I've got a class implementing LoginModule which successfully gets the username from NameCallback and password from PasswordCallback handlers. I've now modified my code, implementing custom handlers for username and password. The HTML form is now submitting login details to a servlet which does the following:

The problem I have is that it doesn't seem that Tomcat knows that I've been authenticated (lc.login() returns a Subject with correct user and role) and doesn't allow me to access protected pages that have been specified inside the <security-constraint> tag in web.xml. Also, request.getRemoteUser() gives me null. It seems that I'm bypassing Tomcat's authentication when I implement a LoginContext in my servlet. Everything works fine when I use the HTML form that posts directly to j_security_check. I'm not sure what's wrong or if I can even do it this way.

Many Thanks