• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

JAAS and Tomcat container managed authentication

 
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I'm currently looking into using JAAS for authentication of J2EE webapps. I've got a couple of questions I haven't been able to answer while I've been setting up a test environment on Tomcat 5.5.

1. I've successfully built a jsp page that uses the j_username and j_password fields which submit to j_security_check. I've got a class implementing LoginModule which successfully gets the username from NameCallback and password from PasswordCallback handlers. I've now modified my code implementing custom handlers for username and password. The html form is now submitting login details to a servlet which does the following:


The problem I have is that it doesn't seem that Tomcat knows that I've been authenticated (lc.login() return a Subject with correct user and role) and doesn't allow me to access protected pages that been specified inside the <security-constraint> tag in web.xml. Also request.getRemoteUser() gives me null. It seems that I'm bypassing Tomcat's authentication when I implement a LoginContext in my servlet. Everything works fine when I use the html form that post directly to j_security_check. I'm not sure what's wrong or if I even can do it this way.

Many Thanks
E
 
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic