1 Reply Latest reply: May 10, 2012 1:10 PM by James Fellows RSS

Custom LoginModule sorted in standalone.xml - but one last problem

James Fellows Newbie

I've managed to implement a custom LoginModule that's deployed to AS7.1.1.Final an working well - with one problem.  I can't figure out how to stop the server prompting for a username and password.  I don't need them in my module (I authenticate based on a sessionID set by a proxy server), but can't find how to stop the server from generating the BASIC login box.

 

In order to tell jboss/ tomcat to use my LoginModule I've added the <login-config> section in my web.xml file - with, you've guessed-it,

<auth-method>BASIC</auth-method>

If I remove the auth-method section altogether, the app won't deploy.  If I remove the whole <login-config> section, my LoginModule never gets called, a 403 is returned to the browser straight-away (even though the LoginModule is specified in jboss-web.xml).

 

What should I use in the auth-method element to prevent the browser prompting for user credentials but simply pass straight through to my LoginModule?  I've read a bit about valves - is there a "null" one that I need to deploy to get tomcat to simply pass-on to the LoginModule?


Thank you,

 

James.