1 Reply Latest reply on May 10, 2012 1:10 PM by j4m3s

    Custom LoginModule sorted in standalone.xml - but one last problem

    j4m3s

      I've managed to implement a custom LoginModule that's deployed to AS7.1.1.Final an working well - with one problem.  I can't figure out how to stop the server prompting for a username and password.  I don't need them in my module (I authenticate based on a sessionID set by a proxy server), but can't find how to stop the server from generating the BASIC login box.

       

      In order to tell jboss/ tomcat to use my LoginModule I've added the <login-config> section in my web.xml file - with, you've guessed-it,

      <auth-method>BASIC</auth-method>

      If I remove the auth-method section altogether, the app won't deploy.  If I remove the whole <login-config> section, my LoginModule never gets called, a 403 is returned to the browser straight-away (even though the LoginModule is specified in jboss-web.xml).

       

      What should I use in the auth-method element to prevent the browser prompting for user credentials but simply pass straight through to my LoginModule?  I've read a bit about valves - is there a "null" one that I need to deploy to get tomcat to simply pass-on to the LoginModule?


      Thank you,

       

      James.