• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Passing information beyond username and password to JAAS

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have overidden the default security provider and wrote a custom LoginModule to authenticate to Tomcat 6.0.18. When a user successfully logs in, I write information to the database to track that the user logs in. I also add a cookie that maps the login to the information in the database. I do this to allow other web sites under the same domain (Apache/PHP) to see that the user is already logged in and allow them to access the protected components of those sites. This works the same way in the other direction. A user can log in to one of the other sites and the cookie is added. I would like to pass the cookie information to the LoginModule to verify that the user is logged in and authenticate to Tomcat. I was thinking of changing the user name to be some string and then the key value in the cookie in order that I may access the value via j_username, but I think that is a hack and would like to be able to pass dynamic information to the LoginModule. I know that you can pass information through the JAAS config file, but that is only for static data.

Any help is appreciated
Jack
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic