yoz
Hi all,
I just want to clarify something. I am trying to propagate the credentials
from a JAAS logon with JBoss. It all works, I get the "login box" and the
LoginModule goes and checks the user/password in the database. My problem is
the following: if I sign on at "/client" and I go back to the root of my
website ("/") I lose the credential, but I do get them back when I go
back to "/client".
To put it another way, the "request.isUserInRole(String)" method returns "true"
when I am under the "/client" branch but false if I am in the "/" branch. I
tried to find out the difference; it looks like the request has an attribute
of type javax.security.auth.Subject named "j_subject" under "/client" but
not under "/". So I tried to hack it, and make sure my request has got the
"j_subject" attribute, but it didn't work.
The only solution I have found is to get a Subject through JAAS myself, and
store it in the session. In order to hack the "isUserInRole(String)" method
to look at the session "Subject" I created a request wrapper which
essentially calls back the original JBoss/Coyote request and overrides the
isUserInRole(String) method.
Is that the way to go or is there another way?
Regards
Yoz