JAAS: how to login / logout programmatically?

Dear All,
i am writing a web application.
i have created a JSF login form for authentication. the application use JASS mechanism for pages protection.
i want to use the oracle's prebuild loginmodule (class name is
"oracle.security.jazn.login.module.LDAPLoginModule") to authenticate user from LDAP server.
to authenticate the user, my code in the backing bean for the login are:
public String authenticate()
MyCallbackHandler callback = new MyCallbackHandler();
callback.setName("name");
callback.setPassword("password");
//create a logoncontext for specific login module, and callbackhandler
LoginContext ctx = new LoginContext("name of configuration", callback );
//login
ctx.login();
callback handler code:
public class MyCallbackHandler implements javax.security.auth.callback.CallbackHandler
private String name = "";
private String password = "";
public void setName(String name)
this.name = name;
public void setPassword(String password)
this.password = password;
public void handle(Callback[] callbacks)
for(Callback c : callbacks)
if (c instanceof NameCallback)
((NameCallback)c).setName(name);
else if(c instanceof PasswordCallback)
((PasswordCallback)c).setPassword(password.toCharArray());
the login method SEEMS succeed as no exception thrown.
but the HttpServletRequest.getUserPrincipal() return null and whenever i visit other
protected page (after calling the logincontext.login())...i was redirected to the login page ...
do anyone know what the problem is??
thanks

Hi Frank,
I am also facing the same problem getting the container to recognize the user using login/logout programmatically. I cannot use j_security_check as my authentication module requires three fields for authenticating the user and also I have a jsf login form.
I have attempted the container to recognize the user by writing a filter to field all request with url-pattern "/" to get the user information from the session(saved by login action) and wrapped the request with an implementation of HttpRequestWrapper where I have overridden the methods - getRemoteUser(), getUserPrincipal(), isUserInRole().
It is the first mapping in the web.xml and I am unable to understand if the redirect is happening before/after it reaches my AuthenticationFilter and my user is never recognized by the container since my method implementations are not called. The AuthenticationFilter is being called and I think it is something to do with the ordering of the filter-mapping. Any help would be appreciated.
I have pasted my code below
AuthenticationFilter
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain fc) throws IOException, ServletException {
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest)request;
HttpSession session = httpRequest.getSession();
if (session != null &&
session.getAttribute(SESSION_ATTR_USER) != null &&
session.getAttribute(SESSION_ATTR_ROLES) != null) {
String username =
(String)session.getAttribute(SESSION_ATTR_USER);
Set roleSet = (Set)session.getAttribute(SESSION_ATTR_ROLES);
AuthRequestWrapper wrapper =
new AuthRequestWrapper(httpRequest, username, roleSet);
fc.doFilter(wrapper, response);
} else {
fc.doFilter(request, response);
AuthRequestWrapper
public class AuthRequestWrapper extends HttpServletRequestWrapper {
private String username;
private Set roleSet;
private Principal principal;
public AuthRequestWrapper(HttpServletRequest request, String username,
Set roleSet) {
super(request);
this.username = username;
this.roleSet = roleSet;
this.principal = new UserPrincipal(username);
public String getRemoteUser() {
return username;
public Principal getUserPrincipal() {
return principal;
public boolean isUserInRole(String roleName) {
return roleSet.contains(roleName);
web.xml
<filter-mapping>
<filter-name>AuthFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>trinidad</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>

Similar Messages

  • How to login secured application programmatic way?

    Hi All,
    I am using JDeveloper 11.1.1.6 .
    My Scenarios I have username and password I need to login in the application programmatic way.I tried with the
        JAASAuthenticationService jas = new JAASAuthenticationService();
        jas.login("UserName", "Password");
    But that is not working .How to login the secured application programmatic way ?
    Thanks..

    Can you try this?
         public void login(String pUsername, String pPassword)
              AuthenticationService vAuthenticationService =
                   AuthenticationServiceUtil.getAuthenticationService();
              vAuthenticationService.login(pUsername, pPassword);
         public void logout()
              AuthenticationService vAuthenticationService =
                   AuthenticationServiceUtil.getAuthenticationService();
              vAuthenticationService.logout();
    Gud luck!
    -- HA

  • How can I get all Login/Logout details

    How can I get all Login/Logout details of all SAP Users from SAP Server/Database of any one year? I am asking about SAP License User. Is their any Table or Report by which I can get these details? For example USR02(Logon Data) Table store the last login/logout details of SAP Users. So in same way is any table which store Users Login/Logout details through out a year or month.

    Hi Sudheer,
    Check this .
    You can find the transactions by a particular user from the transaction SM04.
    SM04 gives you the details of the users logged in,terminals,transactions the user is working on, the time he has logged in,no of sessions user has opened, and the memory used by the user's programs... all of that w.r.t to the client we login. but we can't get info like date and number of times the user has logged in.
    U can see tables:
    USR01 User master record (runtime data)
    USR02 Logon data
    USR03 User address data
    USR05 User Master Parameter ID
    USR12 User master authorization values
    plz rewards points if helpful
    cheers
    srinivas.k
    Edited by: k srinivas on Apr 28, 2008 11:54 AM

  • How to do a programmatic login in a server context

    Hello,
    How to do a programmatic login in a server context?
    How can the current authenticated user, if any, be substituted by another in the middle of a request, in a save pipeline, eg?
    Regards.
    -- Nuno

    I don't know of a way to do exactly what you are asking. However, when I had your requirement I elevated the current user to the permission of an administrator who had the ability to perform any configuration desired.
    The only other reason I could think you need to be a specific user is so that the logs would indicate that the action was performed by a specific user.
    Unleash the Power - Get the LightSwitch 2013 HTML Client / SharePoint 2013 book
    http://LightSwitchHelpWebsite.com

  • How do I logout from icloud so that my wife can login?

    How do I logout from icloud so that my wife can login?

    You don't, unless you want to remove all your iCloud content from your phone.
    Why does your wife want to log in to iCloud on your phone? If it is to check her email, you'd need to setup her email account as a secondary one in Settings > Mail, Contacts, Calendars.

  • How to get logout to work for partner applications

    Hi
    I have configured the demo partner application of the ssosdk 3.07
    And login / logout works.
    My problem is that the sample logout code, only clears the
    cookie of the partner application, so the code redirects the
    appliation to the login server which reauthenticates the partner
    application.
    So shall the logout code clear the portal30_sso cookie.
    My other problem is the other way around, when I log out of
    Portal, I also need to be logged out of the partner application,
    have anybody have any success with that.
    Jakob

    FOR ASSISTANCE WITH ORDERS - iTUNES STORE CUSTOMER SERVICE
    For assistance with billing questions or other order inquiries, please refer to our online support page by clicking here: http://www.apple.com/support/itunes/store/. If you cannot find the answers you are seeking in our robust knowledge base, you can contact us by visiting the following URL http://www.apple.com/support/itunes/store/, clicking on the appropriate Customer Service topic, then using the contact button or email form at the bottom of the page. Responses to emails will be provided as soon as possible.
    Phone: 800-275-2273 How to reach a live person: Press 0 four times
    Hours of Operation: Mon-Fri: 9am-5pm ET
    Email: [email protected]
    How to report an issue with Your iTunes Store purchase
    http://support.apple.com/kb/HT1933
    iTunes Purchase Problems: How to Report a Problem to iTunes Support
    http://tinyurl.com/7tscpa7
    How to Get a Refund from the App Store
    http://gizmodo.com/5886683/how-to-get-a-refund-from-the-app-store
    Getting Refunds for your iTunes Store Purchases
    http://www.labnol.org/software/itunes-app-store-refunds/13838/
    Canceling a Digital Subscription
    http://gadgetwise.blogs.nytimes.com/2011/10/14/qa-canceling-a-digital-subscripti on/
     Cheers, Tom

  • Login/Logout sync with user control over folders to sync

    We have a user who needs modify the folders that are synced periodically.
    The user has multiple computers that they keep synced with OS X Server 10.4.10.
    We turned background sync to unmanaged and they are able to modify their settings and left login/logoff sync as managed. Any time they login/logoff auto sync does not occur.
    How do we configure their settings so that they can adjust the folders that get synced and still have auto sync at login/logoff?

    Not even sure you can do this but you might look for Login/Logout Hooks that can perform the action your looking to do. There would have to be a way to shell-script the Sync part of RHD which I'm not sure you can.
    On the Server Side you can control what get auto synced and what does not in WGM. Then you just set it all to auto on login/logout.

  • How to write logout method

    hi
    how to write logout method..... i am new to programming
    protected void logOut(){
    asap

    When I posted my first reply, I was thinking of writing to an output log. Do you mean "logout" like in web applications???
    You don't need to write any special code for that. At the most, you would want to clean up the resources like connections, sockets,... created by the application. If you have some mechanism which retains some "login" information, you might reset it to some default value.
    Why don't you be specific with your question instead of writing in such a vague manner?

  • Are there login/logout widgets

    Hi All
    I am looking for a very robust franework where common elements to typical ecommerce type of websites are available. For example I see most sites have a login and logout system. I have written previous login logouts for my sites but im looking for something very sophisticated and robust
    key features would be
    1 - ability to know how many people are logged in to your site
    2 - storing as much information about login client during login process in databases. example ip info, datetime, referring site, page loigged in from and so on
    3 - logging unsucessful logins
    4 - placing cookies or session cookies on successful logins
    5 - terminating sessions if client logs out by clicking logout button in website and flag log in databases saying he has logged out.
    6 - terminating sessions if they do not logout and flag log in databases saying he has logged out.
    also there may be other important features in login/logout that i havnt thought of.
    Is something available like this that i can pick up?
    Regards
    Antek

    Hi,
    There is a feature of DISQUS called "Guest commenting". If you use this feature, user willnot have to login or register
    Guest Commenting | DISQUS
    Hope this helps

  • Controlling Login/Logout and Background Sync

    Mac OS X Server 10.5.7
    Mac OS X Client 10.5.7
    Everything setup perfectly and by the book on both Server and Client.
    Problem:
    Why in God's name has Apple COMBINED the sync rules for both Login/Logout and Background Sync??? It's the most illogical thing and it does not work!!!
    Question:
    I know how to prevent Background items from Syncing at Login (through the preference manifest), but how to I get the Background sync NOT to sync LOGIN/LOGOUT items.
    The problem is always and systematically been mostly with the LIBRARY folder giving all sorts of sync errors. I have tried every possible trick combination but nothing seems to work.
    Is this STILL a bug even after a year?? If so, other than skipping the Library folder completely, mobile homes is utterly useless and unreliable. If I skip the Library folder, then mobile homes aren't really complete if a user moves to another machine.
    Has anyone found a reliable solution to this mess?
    PLEASE HELP.

    Something is definitely breaking it. Its as if at some random point in time, the sync stops obeying the background rules. I can only conclude that there is still is a bug somewhere that is not fixed.
    For example, I initially created the mobile home setting using the computer groups. When that started giving me errors, then I figured, let me try it by doing it via groups. So I created a new group and then, undid the settings for mobile homes that I had set for my computer group.
    The first time I logged in, it was working perfectly. Then my laptop's battery died. When I plugged it back, it reconnected to my wireless network and THATS when the bug started showing up again. No matter how many times I restarted, if I have firefox or entourage open, I automatically see that exclamation point in the upper right hand corned (on the mobile homes icon) and its ALWAYS the library files pertaining to those apps that 'are in use'.
    This is really frustrating and most non-apple like. This used to work perfectly under Tiger Server, I don't understand how Apple can mess this up THIS BAD and worse, not have a solid fix after a year.
    This bug even occurred with a brand new installation of Leopard server on a Xserve and a Mac OS X 10.5.7 station. The instant the mobile user logged on, that exclamation point came on complaining about the entourage files being in use even though that entire folder is set to be SKIPPED during Background Syncing.
    Not sure where to look anymore.
    And one more thing; as soon as I encounter that exclamation point, the time/date stamp reporting the last sync stops working as well.
    Could you provide screenshots of your setup? Could it be that Im missing one tiny detail somewhere? I just dont see where though.
    This is an updated output after it breaks (maybe there's a clue in there somewhere)
    excludedItems = (
    comparison = fullPath;
    value = "~/.SymAVQSFile";
    comparison = fullPath;
    value = "~/.Trash";
    comparison = fullPath;
    value = "~/.Trashes";
    comparison = fullPath;
    value = "~/Documents/Microsoft User Data";
    comparison = fullPath;
    value = "~/Library";
    comparison = fullPath;
    value = "~/NAVMac800QSFile";
    excludedPrefItems = (
    comparison = fullPath;
    value = "~/.SymAVQSFile";
    comparison = fullPath;
    value = "~/.Trash";
    comparison = fullPath;
    value = "~/.Trashes";
    comparison = fullPath;
    value = "~/Library/Application Support/SyncServices";
    comparison = fullPath;
    value = "~/Library/Caches";
    comparison = fullPath;
    value = "~/Library/Logs";
    comparison = fullPath;
    value = "~/Library/Printers";
    comparison = startsWith;
    value = "IMAP-";
    comparison = startsWith;
    value = "Exchange-";
    comparison = startsWith;
    value = "Mac-";
    homeSyncCompleted = 1;
    homeSyncTime = 2009-05-25 21:09:29 -0400;
    isNewMobileAccount = 0;
    periodicSyncOn = 1;
    syncPeriodSeconds = 0;
    syncedFolders = (
    path = "~";
    syncedPrefFolders = (
    path = "~/Library";
    path = "~/Documents/Microsoft User Data";
    }

  • Getting ~/Library to sync in background when login/logout sync turned off

    I have a bunch of laptop users with very slow network connections where I need to turn off login/logout sync and only sync data in the background manually. Problem is, if you turn off login/logout sync it also turns off syncing ~/Library in the background.
    Now if you use the Details tab for MCX setting in WGM you can add the key "Sync Preferences in the Background" and set it to "sync" but it doesn't make any difference.
    Anyone know how to work around this so I don't have to sync anything at login/logout but can still sync Preferences in background when I manually do a sync?

    I don't think it's in the GUI, but you can manage this stuff pretty granularly with the following boolean flags in ~/Library/Preferences/com.apple.homeSync.plist:
    <key>syncBackgroundSetAtLogin</key>
    <string>dontSync</string>
    <key>syncBackgroundSetAtLogout</key>
    <string>dontSync</string>
    <key>syncPreferencesAtLogin</key>
    <string>dontSync</string>
    <key>syncPreferencesAtLogout</key>
    <string>sync</string>
    <key>syncPreferencesAtSyncNow</key>
    <string>dontSync</string>
    <key>syncPreferencesInBackground</key>
    <string>dontSync</string>
    I think the keys you want are syncPreferencesInBackground and/or syncPreferencesAtSyncNow. However, I found that this unpredicatably didn't sync everything. PHD has a generally hard time with open files and many of these files are open. Also, note that 10.5 changed in that it considers any hidden folders loose in your home folder (e.g. .ssh/) to be included in "Preference" syncing only occurring at Logout and Login. This isn't really documented or shown anywhere. I'm pretty sure that they are ignored in the background *even with* the above flags in use. Note that I haven't played with these in a while, so your mileage might vary. Perhaps they're just not ready for prime time.
    EDIT:
    Actually, I just remember where and how I found these: You need to follow the directions for "Using the Preference Editor to Manage Core Services" on page 236 of the User Management manual. This gives you the location of Preference Manifest for Home Folder Syncing which has a bucketload of cool options, including automatic conflict resolution.
    Message was edited by: jaydisc

  • Flex Session & login logout

    I have a web application in flex with back end as LCDS. I want to execute a function in server when the client logs out/close the browser.
       How can I implement this ( calling a severside function while user close the browser without properly logging out)?
    Can anybody help me?

    thank you for your advice yogi, but I would be more understanding if tried in the form of training / tutorials, can you tell the link that discusses login / logout session using flex and java
    thanks

  • Need to understand the authenticate, login, logout methods of HTTPServlet

    Hy,
    I want to understand how to use and what is authenticate, login, logout methods of HTTPServlet?
    As i was not able to find the documentation on Servlet 3.0

    They don't exist as methods. They are facilities of the servlet container. Have a look for Container Managed Security in e.g. Tomcat.

  • Slow component problem (logon page, login - logout)

    Hi All,
    since some time i'm experiencing a "slow component" problem with EP.
    As a sympthom portal is slow during first logon page and during login - logout.
    Jarm trace report the situation below:
    Component Name     Avg Gross Time (ms)     Total Gross Time (ms)     Max Gross Time (ms)
    UME:SAPJ2EEAuthenticator:getLoggedInUser     90,045     450,226     n/a
    AppServer:Security:Authentication:LOGIN:com.sap.security.core.server.jaas.SPNegoLoginModule     90,023     450,116     n/a
    AppServer:Security:Authentication:FastLoginContext:login     90,022     900,229     n/a
    AppServer:Security:Authentication:LOGIN:com.sun.security.auth.module.Krb5LoginModule     90,006     450,031     n/a
    (90 seconds to load login page!!)
    Seems to be an UME problem, but logs are OK and the configuration is the same of other systems that work fine.
    Anyone has any idea ?
    Thanks guru !
    Lorenzo

    Hi,
    I am dealing with exactly the same problem. I hope you should have fixed this problem by now. Please help me fix mine.
    Many thanks in advance.
    Regards,
    Pawan.

  • Running commands on GNOME login/logout

    Hi everyone,
    I have a truecrypt partition which I want to mount on GNOME login and dismount on logout. My approach is different to the one in the Truecrypt wiki since I don't like having passwords stored unencrypted in files:
    What I want to do is basically run "sudo truecrypt --auto-mount=favorites" everytime my user logs in to GNOME (not to a terminal) and run "sudo truecrypt -d" on logout.
    How can I do this? I didn't find anything in the GNOME wiki entry or on the web, only for logins in general using .bashrc which is not what I want.
    Thanks for any help.
    BTW, does anyone know why there is no possibility to start TrueCrypt minimized to tray (the TrueCrypt Background Task) on Linux? Also, the Windows version has a "Mount favorite volumes on startup" setting which I couldn't find in the Linux version. These two things would have saved me a lot of time.

    arkham wrote:If you are using gdm to login/logout you could take a look in /etc/gdm. There are some folders called PreSession and PostSession which may be useful to you,
    Somehow these folders don't work for me. I decided to use the GNOME startup programs to run the mount command since it shows a window requesting the volume password. I added a "Truecrypt" file with the following content to the PostSession folder, made it executable by everyone, but my volume doesn't get unmounted.
    #!/bin/sh
    sudo truecrypt -d
    exit 0
    The solution for the login command is basically found, any suggestions how to get the PostSession file working or even another way to run the logout command?

Maybe you are looking for

  • Two iTunes accounts - how do I combine them?

    I have two iTunes account (by accident). Some of my purchased music and apps are in one account and some are in the other one. A year or so ago, I was told that it was not possible to combine them. Has this changed? I would really like to have ONE iT

  • HP 54501A - Instrument Driver for LabView v.7 or v.8

    Hi all, I'm looking for HP 54501A - Instrument Driver for LabView v.7 or v.8. I have NI gpib/usb controller installed, but cannot control the scope via Labveiw. The link I found at NI web site within drivers section seems to be broken so I couldn't d

  • OBIEE 11.1.1.5

    Quick question for OBIEE experts.   How do you disable the "Column Exclude feature" in this version of OBIEE?   Eg...After a report is already created and when you return to the criteria section and add a column and then view it in results....it some

  • Testing the form

    Is it possible for anyone other than the author of the form to test the form?  If I share the form can I then go back and edit it before finally sending it public?

  • Where is my missing Smartsound plug-in?

    Can anyone help? I happily used Premiere Elements 8 with Smartsound. I upgraded to Premiere Elements 10, but Smartsound is no longer available to me. I have tried uninstalling and re-installing, but it is still not there.