堆栈内存溢出
  简体   繁体   English

通过JAAS手动登录用户到JBoss WIldfly

[英]Manually login user via JAAS into JBoss WIldfly

 原文  2014-08-21 14:25:04       java/ jboss/ jaas

问题描述

I am trying to perform a manual login. 我正在尝试执行手动登录。 My intention is to log someone in via JAX-RS call, but in the standard session. 我的意图是通过JAX-RS调用登录某人,但在标准会话中。 This way both subsequent javascript calls as well as java calls will see the same Subject, Principal etc. This is all happening in context of SSO with Picketlink, I need to show the user he's current login state, as well as allow him to login in background. 这样,后续的javascript调用和java调用都将看到相同的Subject,Principal等。这都是在Picketlink的SSO上下文中发生的,我需要向用户显示他当前的登录状态,并允许他登录背景。

I created own LoginModule which works with j_security flawlessly. 我创建了自己的LoginModule,可以完美地与j_security一起使用。 I created a JAX-RS Resource which initiates a LoginContext and logs user in. My LoginModule is asked in the background and the login is performed perfectly. 我创建了一个JAX-RS资源,该资源可启动LoginContext并登录用户。在后台询问我的LoginModule并完美执行了登录。 Almost. 几乎。 Because there is one small problem, the login is not associated with the http request or session. 因为有一个小问题,所以登录名与http请求或会话无关。 

@POST @Path("login")
public LoginResponse login(LoginForm loginForm, @Context HttpServletRequest request) throws LoginException{
    LoginResponse ret = new LoginResponse();
    LoginContext loginContext = new LoginContext("idp", new WidgetCallBackHandler(loginForm));
    System.out.println("User principal before: "+request.getUserPrincipal());
    try{
        loginContext.login();
    }catch(LoginException e){
        ret.setMessage("Login failed: "+e.getMessage());
    }

    Subject subject = loginContext.getSubject();
    System.out.println("Logged in subject: "+subject);

    System.out.println("User principal after: "+request.getUserPrincipal());
    System.out.println("Login executed");

    ret.setState(getLoginState(request));
    return ret;
}

both Principals, before and after are null. 这两个Principal,before和after为null。 So I am able to authenticate the user properly, but it's completely senseless since I can't associate the session with the logged in subject. 因此,我能够正确验证用户身份,但是由于我无法将会话与已登录的主题相关联,因此完全没有意义。

I've read that there was a class WebAuthenticator in previous JBoss versions, is this a road to pursue? 我已经读到JBoss以前的版本中有一个WebAuthenticator类,这是追求的道路吗?

Thanks in advance 提前致谢

1 个解决方案

解决方案1
 0  2014-08-21 14:35:43

Ok the solution was sooo simple, that it's almost a-shame I haven't found it earlier. 好的,解决方案太简单了,我以前没有发现它几乎是可耻的。 The hint was in this link: https://issues.jasig.org/browse/CASC-174 提示位于此链接中: https : //issues.jasig.org/browse/CASC-174

Servlet 3.0 has Servlet 3.0具有

request.login(username, password)

method which does all I needed. 我所需的方法。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过JAAS以编程方式登录用户 - Login a user programmatically via JAAS Wildfly和JAAS登录模块 - Wildfly and JAAS login module JBoss JAAS 自定义登录模块 - JBoss JAAS custom Login Module JBoss JAAS自定义登录模块错误消息 - JBoss JAAS custom Login Module Error messages 将 HTTP Request.login 与 JBoss/JAAS 一起使用 - Using HTTP Request.login with JBoss/JAAS JAAS,Wildfly 10,Firefox-无法重新登录 - JAAS, Wildfly 10, Firefox - can't re-login 用户登录Java - JAAS / JNDI / GSSAPI - User Login in Java - JAAS/JNDI/GSSAPI Jboss 7 Jaas模块,成功登录后将覆盖角色 - Jboss 7 Jaas Module, Roles are overriden after successful login 在JSF2 Web应用程序(JBoss)中以编程方式登录到自定义JAAS LoginModule - Programmatic Login to custom JAAS LoginModule in JSF2 web application (JBoss) 将JAAS与Wildfly集成 - integrate JAAS with wildfly
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM