If the login is successful, keep the user object in
the session. In every action class, you can check
whether the user object/user exists in the session or
not. If not, redirect to login.jsp.
Maybe you can have the check in some super action
class so that you don't have to repeat the code in each
action class.



--- Leandro Melo <[EMAIL PROTECTED]> wrote:

> I'm back!
> After getting some JAAS studies, I'm a little bit
> better, so I can now formulate a better question.
> 
> Here it is... (I know that this is not only a Struts
> question, because it involves JAAS, but I'm pretty
> sure that people over here could give me some advice
> on how to handle the problem).
> 
> 
> I got my application protected with JAAS, so users
> cannot access any pages or servlets without a login. I
> then built an Action to handle login stuff.
> 
> Here's the code of my LoginAction (execute method).
> 
> //...
> String j_username = (String) request.getParameter("j_username");
> String x = (String) request.getParameter("j_password");
> 
> if (x != null) {
>     j_password = x.toCharArray();
>     handler = new UsernamePasswordHandler(j_username, j_password);
> }
> 
> LoginContext lc = null;
> 
> try {
>     lc = new LoginContext("example2", handler);
>     lc.login();
> 
>     // this part doesn't matter very much
>     Subject subject = lc.getSubject();
>     Set principals = subject.getPrincipals();
>     Principal user = new SimplePrincipal(j_username);
>     principals.add(user);
> } catch (LoginException e) {
>     // TODO Auto-generated catch block
>     e.printStackTrace();
>     throw new Exception();
> }
> 
> return mapping.findForward("index");
> 
> 
> 
> The above code runs perfectly! It logs the user
> correctly and then I'm forwarded to my index page.
> But, when I get to index, everything is gone!!!
> I'm not logged in anymore. If I try to access another
> page in my application, I'm redirected to the
> login.jsp page again!!!
> 
> I heard that this is because of the multi-threaded
> characteristic of the servlets, but 
> 
> How can I work around this??? How can I make this
> maintain my login through the rest of my session???
> 
> 
> Here's a piece of login-config.xml
> 
>     <application-policy name="client-login">
>        <authentication>
>           <login-module code="org.jboss.security.ClientLoginModule"
>              flag="required">
>           </login-module>
>        </authentication>
>     </application-policy>
> 
>     <application-policy name="example2">
>        <authentication>
>           <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
>              flag="required">
>              <!--<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>-->
>              <module-option name="dsJndiName">java:/DefaultDS</module-option>
>              <module-option name="principalsQuery">Select Password from Principals where PrincipalID =?</module-option>
>              <module-option name="rolesQuery">Select Role 'Roles', RoleGroup 'RoleGroups' from Roles where PrincipalID =?</module-option>
>           </login-module>
>        </authentication>
>     </application-policy>
> 
> 
> Thanks and regards,
> Leandro



                
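The suggestion in the reply at the top of this message (keep the user in the session, check it in a super action class, send everyone else to login.jsp), as an added example that is not code from either poster. It assumes Struts 1; the class name AuthenticatedAction, the session key "authenticatedUser", the helper rememberUser and a forward named "login" pointing at login.jsp are all hypothetical names chosen for illustration.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

/** Super action class: protected actions extend this instead of Action. */
public abstract class AuthenticatedAction extends Action {

    /** Session attribute holding the logged-in user (name is an assumption). */
    public static final String USER_KEY = "authenticatedUser";

    /**
     * Called by the login action after lc.login() succeeds. The pre-login
     * session is discarded so a session id known before authentication is
     * never promoted to an authenticated one (session fixation).
     */
    public static void rememberUser(HttpServletRequest request, Object user) {
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        request.getSession(true).setAttribute(USER_KEY, user);
    }

    /** Runs before every subclass: no user in the session means back to login. */
    public final ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        HttpSession session = request.getSession(false); // never create one here
        Object user = (session == null) ? null : session.getAttribute(USER_KEY);
        if (user == null) {
            // "login" is an assumed forward mapped to login.jsp in struts-config.xml
            return mapping.findForward("login");
        }
        return executeAuthenticated(mapping, form, request, response, user);
    }

    /** Subclasses put their real work here; user is never null. */
    protected abstract ActionForward executeAuthenticated(ActionMapping mapping,
            ActionForm form, HttpServletRequest request,
            HttpServletResponse response, Object user) throws Exception;
}
```

This check is application-level state only: a session attribute does not by itself make the container treat later requests as authenticated, so it covers only requests that pass through actions extending this class.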