jsr196

How to override j_security_check in glassfish?

可紊 submitted on 2019-12-18 16:50:03
Question: I'm currently using FORM based authentication in glassfish v2.1 to log users in and it works fine. I want to switch to ProgrammaticLogin and I want to be able to get the initially requested URL (i.e. before redirecting to login page) and use it in my programmatic login code so that the user is redirected back to the requested page after authentication. I've seen the source code for j_security_check - in my case that's FormAuthenticator (catalina codebase) and it saves the initial request in a

Jaspic module not propagating principal to local EJB in JBoss 7.4

安稳与你 submitted on 2019-12-06 10:23:29
Question: I have a custom JSR-196 module that basically delegates to a service that delegates roles to an OAuth "grants" call. It does work from a servlet (request.getUserPrincipal() works fine). It does not propagate to EJB calls, where SessionContext.getCallerPrincipal() returns a SimplePrincipal with "anonymous" instead of expected username / roles. MycompanyPrincipal is a simple class, with a simple getName() and some custom properties. It seems that SubjectInfo.getAuthenticatedSubject() has no

How to save an authenticated user in JASPIC?

不羁的心 submitted on 2019-12-06 08:47:27
Question: I have developed a Security Authentication Module (SAM) and implemented the validateRequest method. I also have a simple webapp configured to use this SAM. In my validateRequest method, I check the clientSubject and set a CallerPrincipalCallback with a hardcoded username and a GroupPrincipalCallback with a hardcoded group name: final CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, "anonymous"); final GroupPrincipalCallback groupPrincipalCallback =

Jaspic module not propagating principal to local EJB in JBoss 7.4

倖福魔咒の submitted on 2019-12-04 17:17:58
I have a custom JSR-196 module that basically delegates to a service that delegates roles to an OAuth "grants" call. It does work from a servlet (request.getUserPrincipal() works fine). It does not propagate to EJB calls, where SessionContext.getCallerPrincipal() returns a SimplePrincipal with "anonymous" instead of expected username / roles. MycompanyPrincipal is a simple class, with a simple getName() and some custom properties. It seems that SubjectInfo.getAuthenticatedSubject() has no principal. I managed to make an ugly workaround for that, see "// WORKAROUND" below. Still, I'd want to

How to save an authenticated user in JASPIC?

自作多情 submitted on 2019-12-04 12:47:15
I have developed a Security Authentication Module (SAM) and implemented the validateRequest method. I also have a simple webapp configured to use this SAM. In my validateRequest method, I check the clientSubject and set a CallerPrincipalCallback with a hardcoded username and a GroupPrincipalCallback with a hardcoded group name: final CallerPrincipalCallback callerPrincipalCallback = new CallerPrincipalCallback(clientSubject, "anonymous"); final GroupPrincipalCallback groupPrincipalCallback = new GroupPrincipalCallback(clientSubject, new String[] {"user"}); try { this.handler.handle(new