| Kevin 2004-06-07, 11:48 pm |
| I have an issue I cannot seem to solve with J2EE Authentication
Environment
- WASD 5.0/Websphere 5.0
- JDK 1.4.2
- Struts
Requirements
1. Currently Form-based authenitcation is in place with a login page
and error page using POST with j_securitycheck
2. I want to call a URL passing username and password on the URL
params and have the system silently login the user
Issue
1. The mechanism for FORM-based authentication and programmatic
authentication seem have different role information
Code snippet from LoginAction (works fine when going through login
page)
User user = new User();
Principal principal = request.getUserPrincipal();
if (request.isUserInRole("CasenetCalendarGlobal")) {
user.setRole(user.COURT_ROLE);
}
if (request.isUserInRole("CasenetCourt")) {
user.setRole(user.COURT_ROLE);
}
etc...
Code snippet from XXXXRPCAction (right from the IBM Help pages). I
ommitted the LoginCallbackHandler. It works.
LoginContext lc = null;
try {
lc = new LoginContext("WSLogin",
new LogonCallbackHandler(userName, criteria.getPassword()));
} catch (LoginException le) {
System.out.println("Cannot create LoginContext. " +
le.getMessage());
// insert error processing code
} catch(SecurityException se) {
System.out.println("Cannot create LoginContext." +
se.getMessage());
// Insert error processing
}
try {
lc.login();
} catch(LoginException le) {
System.out.println("Fails to create Subject. " +
le.getMessage());
// Insert error processing code
}
What happens
------------
FORM-authentication works file and roles are set. With programmatic
login, I cannot get a handle on any role information.
Note the request role processing in the FORM-based authentication.
And, the FORM-based authentication still does not
think there has been a successful login, yet the programmatic login
passed! Any help would be appreciated.
Kevin
|