This content has been marked as final.
Show 3 replies
-
2. Re: Is it possible to access request parameters within custo
sreeraaman Dec 18, 2006 4:25 AM (in response to sreeraaman)Thanks scott for those nice links.
However, my requirement is slightly different and I am newbie to Tomcat. I enabled ExtendedFormAuthenticator to my application as suggested in one of the links.
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
After that, I observed the following output in the server logs:2006-12-18 13:40:56,593 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[admin(HiringManagers,Recruiters,)] 2006-12-18 13:40:56,593 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful 2006-12-18 13:40:56,593 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original '/SampleWeb/secure/MainMenu.seam?clientIdentifier=Kenexa' 2006-12-18 13:40:56,593 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] SessionID: AE87BB0614F54B452EE2FDE877015D00 2006-12-18 13:40:56,593 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_username = admin 2006-12-18 13:40:56,593 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_password = --hidden-- 2006-12-18 13:40:56,593 TRACE [org.jboss.web.tomcat.security.ExtendedFormAuthenticator] Setting j_exception = null
I observed that the ExtendedFormAuthenticator has pushed the j_username, j_password & j_exception into the session which can be used for post login or for error handling.
However, Our requirement is something like this. Our application should support multiple clients with a single code base.
Each client will have their own LDAP configuration. While trying to authenticate the user, I need to know the client to which the user belongs to appropriately load the correct configuration and authenticate the user.
We decided to give the client id as part of the request url via a query string so that somehow we can get them inside the login module.
While browsing the net, I came across a feature in Jetty which allows me to do something like this.
http://docs.codehaus.org/display/JETTY/JAAS.
Jetty has a callback called RequestParameterCallback using which I can get this as shown below:public class FooLoginModule extends AbstractLoginModule { . . . public boolean login() throws LoginException { . . . Callback[] callbacks = new Callback[3]; callbacks[0] = new NameCallback(); callbacks[1] = new ObjectCallback(); //as an example, look for a param named "extrainfo" in the request //use one RequestParameterCallback() instance for each param you want to access callbacks[2] = new RequestParameterCallback (); ((RequestParameterCallback)callbacks[2]).setParameterName ("extrainfo"); . . . callbackHandler.handle(callbacks); String userName = ((NameCallback)callbacks[0]).getName(); Object pwd = ((ObjectCallback)callbacks[1]).getObject(); List paramValues = ((RequestParameterCallback)callbacks[2]).getParameterValues(); //use the userName, pwd and the value(s) of the parameter named "extrainfo" to //authenticate the user . . . }
Do we have a similar stuff in Tomcat and if so can someone please let me know as to how to do the same.?
Thanks in advance.
regards
sriraman. -
3. Re: Is it possible to access request parameters within custo
sreeraaman Dec 20, 2006 7:41 AM (in response to sreeraaman)Hi All,
I finally figured out as to how to get the current request object inside my login module:
following is the piece of code which would do that:public static final String WEB_REQUEST_KEY = "javax.servlet.http.HttpServletRequest"; HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);
regards
sriraman.