• Post Reply Bookmark Topic Watch Topic
  • New Topic

JAAS Authentication - Pass User Data to Web Application  RSS feed

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We've implemented JAAS Authentiation using Tomcat and it works perfectly. We've wrapped the application in a Security Context, and when a user goes to access the web application, it launches Form Based authentication which we authenticate using a custom realm and LoginModule. Perfect.

The issue is that once the user is authenticated, we need to let the web application know what user he or she is. The LoginModule doesn't have access to the session, and I've read a couple of posts that suggested the following code:



But when I try that, I get an exception:



I've tried using ThreadLocal, but that's not safe -- the session doesn't always continue on the same thread. I've tried to look for the user name from the form in the login form:



But it's always null.

There must be some way to let the web application know what the user name that was authenticated -- honestly, JAAS would be pretty much useless if it authenticates but then gives the application no way to know what the user that was authenticated, since we'd then have to make the user log in again.

Thanks in advance!
 
Steve Singer
Greenhorn
Posts: 6
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I found the answer hidden deep in the JavaDoc of the Principal object within JAAS -- if you correctly set this, then it automatically inserts it into the Servlet Request object and you can retrieve the user by



Answering this in case other folk have similar questions!
 
Sheriff
Posts: 21137
87
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You may also be interested in servletRequest.getUserPrincipal(). It returns a Principal object containing the username, but possibly more.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!