Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / June 2005

Tip: Looking for answers? Try searching our database.

Actively calling JBoss JAAS authentication from an open web app page

Thread view: 
Enable EMail AlertsStart New Thread
davout - 23 Jun 2005 18:45 GMT
I have a web app running under JBoss 4.x  I'm using JBoss based JAAS
authentication to control access to restricted web app content.  The web app
is configured to use FORM based authentication.

However, the default starting page of the web app is open and not subject to
security constraints. On this same starting page I have a quick login
facility that allows the user to type in their user ID and passwword and
then click submit to login.

Unlike standard web app restrictions which only activate once a web app
tries to access restricted content, here on this open start page I'm doing
the reverse - logging in first then going to a private page.

Question is how do I pass the open page login data values to the JAAS system
so that when I navigate to the first closed content it realizes that the
user has already logged in?
Reply to this Message
Jan Peter Stotz - 24 Jun 2005 09:13 GMT
davout schrieb:

> Question is how do I pass the open page login data values to the JAAS system
> so that when I navigate to the first closed content it realizes that the
> user has already logged in?

AFAIK, this is done directly by the login form itself. The login form sends
it content to a special url that is reserved for authentication:

<form method="POST" action="j_security_check">
 Username: <input type="text"     name="j_username"><br />
 Password: <input type="password" name="j_password"><br />
 <br />
 <input type="submit" value="Login">
 <input type="reset"  value="Reset">
</form>

Taken from:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html?page=last

Jan
Reply to this Message
Dave Milne - 24 Jun 2005 18:18 GMT
I don't think you can. Essentially, you have to decide if you want to use
the JAAS way of doing things, or your own way and then stick with it. Also,
why ask people to log in if they don't need to ? If they do need to, perhaps
protect the whole lot with JAAS ?

Dave Milne, Scotland
'91 Grand Wagoneer, '99 TJ
> davout schrieb:
>
[quoted text clipped - 17 lines]
>
> Jan
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.