J2EE authentication FORM and Programmatic

Discussion in 'Java' started by Kevin, Jun 7, 2004.

  1. Kevin

    Kevin Guest

    I have an issue I cannot seem to solve with J2EE Authentication

    Environment
    - WASD 5.0/Websphere 5.0
    - JDK 1.4.2
    - Struts

    Requirements
    1. Currently Form-based authenitcation is in place with a login page
    and error page using POST with j_securitycheck
    2. I want to call a URL passing username and password on the URL
    params and have the system silently login the user


    Issue
    1. The mechanism for FORM-based authentication and programmatic
    authentication seem have different role information


    Code snippet from LoginAction (works fine when going through login
    page)

    User user = new User();
    Principal principal = request.getUserPrincipal();
    if (request.isUserInRole("CasenetCalendarGlobal")) {
    user.setRole(user.COURT_ROLE);
    }
    if (request.isUserInRole("CasenetCourt")) {
    user.setRole(user.COURT_ROLE);
    }
    etc...

    Code snippet from XXXXRPCAction (right from the IBM Help pages). I
    ommitted the LoginCallbackHandler. It works.

    LoginContext lc = null;

    try {
    lc = new LoginContext("WSLogin",
    new LogonCallbackHandler(userName, criteria.getPassword()));

    } catch (LoginException le) {
    System.out.println("Cannot create LoginContext. " +
    le.getMessage());
    // insert error processing code
    } catch(SecurityException se) {
    System.out.println("Cannot create LoginContext." +
    se.getMessage());
    // Insert error processing
    }

    try {
    lc.login();
    } catch(LoginException le) {
    System.out.println("Fails to create Subject. " +
    le.getMessage());
    // Insert error processing code
    }



    What happens
    ------------
    FORM-authentication works file and roles are set. With programmatic
    login, I cannot get a handle on any role information.
    Note the request role processing in the FORM-based authentication.
    And, the FORM-based authentication still does not
    think there has been a successful login, yet the programmatic login
    passed! Any help would be appreciated.


    Kevin
    Kevin, Jun 7, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ross M. Greenberg

    LAMP & J2EE as opposed to LAMP vs J2EE

    Ross M. Greenberg, Dec 12, 2004, in forum: Java
    Replies:
    6
    Views:
    1,388
    Robert kebernet Cooper
    Dec 24, 2004
  2. T.G.
    Replies:
    1
    Views:
    501
    Raymond DeCampo
    Jan 4, 2006
  3. ERobishaw
    Replies:
    1
    Views:
    816
    Anthony Jones
    Mar 22, 2008
  4. mehdi mousavi
    Replies:
    0
    Views:
    1,031
    mehdi mousavi
    Feb 15, 2009
  5. Tyler Carver

    Programmatic Forms Authentication

    Tyler Carver, Feb 21, 2006, in forum: ASP .Net Security
    Replies:
    8
    Views:
    208
    Yuan Ren[MSFT]
    Feb 24, 2006
Loading...

Share This Page