You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Rob Mercer <r....@magnushealth.com> on 2008/11/15 00:01:10 UTC
Custom Login Module
Hey all,
System: Tomcat 6.0.15, JDK 6.0, Windows Vista BE.
I've been tasked with creating a custom login module that will integrate
with our current system (which uses the ole request.getRemoteUser() call
some). I need to figure out what I'm not doing to integrate with the
Tomcat container:
My problem is that event though I have the right information in the
subject, the tomcat container does not recognize the user as logged in,
nor does request.getRemoteUser() change from being null.
Any ideas?
public class SomePage {
public String login() {
HttpServletResponse response = FacesUtils.getResponse();
HttpServletRequest request = FacesUtils.getRequest();
HttpSession session = request.getSession(true);
Subject subject = (Subject) session
.getAttribute("javax.security.auth.subject");
if (subject == null) {
subject = new Subject();
}
session.setAttribute("javax.security.auth.subject",
subject);
LoginContext lc = null;
try {
lc = new LoginContext("Jaas", subject, new
HttpAuthCallbackHandler());
System.out.println("established new logincontext");
} catch (LoginException le) {
try {
le.printStackTrace();
response.sendError(HttpServletResponse.SC_FORBIDDEN, request
.getRequestURI());
} catch (IOException ioE){
ioE.printStackTrace();
}
return "failure";
}
try {
lc.login();
// if we return with no exception, authentication
succeeded
} catch (Exception e) {
try {
System.out.println("Login failed: " + e);
response.sendError(HttpServletResponse.SC_FORBIDDEN, request
.getRequestURI());
} catch (IOException ioE){
ioE.printStackTrace();
}
return "failure";
}
try {
System.out.println("Subject is " + lc.getSubject());
//chain.doFilter(request, response);
} catch (SecurityException se) {
try {
response.sendError(HttpServletResponse.SC_FORBIDDEN, request
.getRequestURI());
} catch (IOException ioE){
ioE.printStackTrace();
}
}
return "vhr";
}
}
public class EmergencyLoginModule implements LoginModule{
public boolean commit() throws LoginException {
if (succeeded) {
if (subject.isReadOnly()){
throw new LoginException("Subject is
readonly!");
}
// add a Principal (authenticated identity)
// to the Subject
// assume the user we authenticated is the
SamplePrincipal
userPrincipal = new UserPrincipal(username);
assignPrincipal(userPrincipal);
assignPrincipal(new UserPrincipal("role"));
if (debug) {
System.out.println("\t\t[SampleLoginModule] "
+ "added SamplePrincipal to
Subject");
}
// in any case, clean out state
username = null;
for (int i = 0; i < password.length; i++)
password[i] = ' ';
password = null;
commitSucceeded = true;
}
return true;
}
}
Rob