Manually login user via JAAS into JBoss WildFly
I am trying to perform a manual login. My intention is to log someone in via a JAX-RS call, but in the standard session. This way both subsequent JavaScript calls as well as Java calls will see the same Subject, Principal etc. This is all happening in the context of SSO with Picketlink; I need to show the user his current login state, as well as allow him to log in in the background.

I created my own LoginModule which works with j_security flawlessly. I created a JAX-RS resource which initiates a LoginContext and logs the user in. My LoginModule is asked in the background and the login is performed perfectly. Almost. Because there is one small problem: the login is not associated with the HTTP request or session.

    @POST
    @Path("login")
    public LoginResponse login(LoginForm loginForm, @Context HttpServletRequest request) throws LoginException {
        LoginResponse ret = new LoginResponse();
        LoginContext loginContext = new LoginContext("idp", new WidgetCallBackHandler(loginForm));
        System.out.println("User principal before: " + request.getUserPrincipal());
        try {
            loginContext.login();
        } catch (LoginException e) {
            ret.setMessage("Login failed: " + e.getMessage());
        }
        Subject subject = loginContext.getSubject();
        System.out.println("Logged in subject: " + subject);
        System.out.println("User principal after: " + request.getUserPrincipal());
        System.out.println("Login executed");
        ret.setState(getLoginState(request));
        return ret;
    }

Both Principals, before and after, are null. So I am able to authenticate the user properly, but it's completely senseless since I can't associate the session with the logged-in subject.

I've read that there was a class WebAuthenticator in previous JBoss versions; is this a road to pursue?

Thanks in advance

OK, the solution was so simple that it's almost a shame I haven't found it earlier. The hint was in this link: https://issues.jasig.org/browse/CASC-174

Servlet 3.0 has a

    request.login(username, password)

method which does all I needed.
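
As an added example that is not part of the original post: a JAX-RS resource that authenticates through the container with `request.login`, so the principal is bound to the request instead of living only in a standalone `LoginContext`. The `LoginResource` and `LoginForm` names, the `auth` path, the availability of Servlet 3.1 for `changeSessionId()`, and a web application security domain backed by the question's LoginModule are assumptions.

```java
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

@Path("auth") // hypothetical resource path
public class LoginResource {

    // Hypothetical stand-in for the question's LoginForm class.
    public static class LoginForm {
        public String username;
        public String password;
    }

    @POST
    @Path("login")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.TEXT_PLAIN)
    public Response login(LoginForm form, @Context HttpServletRequest request) {
        if (form == null || form.username == null || form.password == null) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Missing credentials").build();
        }
        try {
            // login() throws if a caller identity is already established, so clear it first.
            if (request.getUserPrincipal() != null) {
                request.logout();
            }
            // The container validates the credentials against the web application's
            // security domain (assumed to use the question's LoginModule).
            request.login(form.username, form.password);
        } catch (ServletException e) {
            // Generic message: do not tell the client why authentication failed.
            return Response.status(Response.Status.UNAUTHORIZED).entity("Login failed").build();
        }
        // Servlet 3.1 (assumed available): issue a new session id after
        // authentication so a pre-login id cannot be reused (session fixation).
        request.getSession(true);
        request.changeSessionId();
        // After a successful login() the request reports the authenticated principal.
        return Response.ok(request.getUserPrincipal().getName()).build();
    }
}
```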