JAAS: how to login / logout programmatically?
Dear All,
i am writing a web application.
i have created a JSF login form for authentication. the application use JASS mechanism for pages protection.
i want to use the oracle's prebuild loginmodule (class name is
"oracle.security.jazn.login.module.LDAPLoginModule") to authenticate user from LDAP server.
to authenticate the user, my code in the backing bean for the login are:
public String authenticate()
{
MyCallbackHandler callback = new MyCallbackHandler();
callback.setName("name");
callback.setPassword("password");
//create a logoncontext for specific login module, and callbackhandler
LoginContext ctx = new LoginContext("name of configuration", callback );
//login
ctx.login();
//...................
//....................
}
callback handler code:
public class MyCallbackHandler implements javax.security.auth.callback.CallbackHandler
{
private String name = "";
private String password = "";
public void setName(String name)
{
this.name = name;
}
public void setPassword(String password)
{
this.password = password;
}
public void handle(Callback[] callbacks)
{
for(Callback c : callbacks)
{
if (c instanceof NameCallback)
{
((NameCallback)c).setName(name);
}
else if(c instanceof PasswordCallback)
{
((PasswordCallback)c).setPassword(password.toCharArray());
}
}
}
}
the login method SEEMS succeed as no exception thrown.
but the HttpServletRequest.getUserPrincipal() return null and whenever i visit other
protected page (after calling the logincontext.login())...i was redirected to the login page ...
do anyone know what the problem is??
thanks