2 Replies Latest reply on Jul 31, 2015 9:14 AM by luis.birchenz

    JBoss as 7 programmatic authentication from servlet spec 2.5

    luis.birchenz

      I need to perform the login process programmatically in a JBoss AS 7, which uses form-based authentication. The servlet spec is 2.5, I tried a lot of alternatives but I was not able to perform the login successfully. I tried by using Httpclient, it was the closest I was, because I was able to login but I could not redirect successfully to the URL desired. The redirect did not work.

      I read a lot of things around it and I researched a lot but everything I tried did not work. Could someone please give me a hand with this? I'd need an example of this particular situation. I'd appreciate it very much.

      Thanks in advance,

      Luis.

        • 1. Re: JBoss as 7 programmatic authentication from servlet spec 2.5
          jaikiran

          Can you explain what exact problems are you running into and what your web application configs look like?

          • 2. Re: JBoss as 7 programmatic authentication from servlet spec 2.5
            luis.birchenz

            Hello Jaikiran,

             

                                   First of all, thanks for replying this post. Let me explain what is going on here:

            Our customer wants to reach our application from their portal in order to start a process (wizard) in our app. We use form-based authentication:

             

              <login-config>

                <auth-method>FORM</auth-method>

                <form-login-config>

                  <form-login-page>/login.jsp</form-login-page>

                  <form-error-page>/error.jsp</form-error-page>

                </form-login-config>

              </login-config>

             

            The point here is that the customer does not want to perform the login process (never), they want a link in their portal to reach our application transparently. In order to solve it we thought to implement oAuth for authorization but due to they do not want login, we want to authenticate the user programmatically. That's the idea we have, you need to consider that we cannot change the current authentication, in addition to it according to my understanding we cannot use more than one auth method, in case we want to add an alternative one. Anyway, that's why we chose this idea.

             

            That's it. Maybe we are wrong about it, I'd like to know your point of view.

             

            Thanks in advance,

             

            Luis.