Stack Overflow
Stack Overflow

Questions tagged [jaspic]

JASPIC is an SPI for creating portable server authentication modules (aka SAMs or login modules). It was introduced with Java EE 6, but only for the full profile.

50 questions
4
votes
3 answers

Jaspic module not propagating principal to local EJB in JBoss 7.4

I have a custom, JSR-196 module, that basically delegates to a service that delegates roles to a OAuth "grants" call. It does work from a servlet (request.getUserPrincipal() works fine). It does not propagate to EJB calls, where…
ymajoros
  • 2,454
  • 3
  • 34
  • 60
4
votes
2 answers

Use JASPIC auth module on WebSphere 8.5

I have a JASPIC auth module that works really well on GlassFish, WildFly and WebLogic. Now we have a new customer who uses WebSphere 8.5, and I can't get the auth module to run properly there. The problem is that WebSphere doesn't accept the…
Mike Braun
  • 3,729
  • 17
  • 15
4
votes
2 answers

Form based authentication in JSF

I would like to implement a simple authentication in an JSF/Primefaces application. I have tried lots of different things, e.g. Dialog - Login Demo makes a simple test on a dialog, but it does not login a user or? I also have taken a look at Java…
Mike Petersen
  • 177
  • 2
  • 7
4
votes
2 answers

Automatic login with HttpServletRequest and LDAP

I have a JSF web application that uses cookies for automatic authentication without prompting for username & password. It uses a cookie with username and a random UUID, and uses a WebFilter for redirection. When there are no cookies on the client…
perissf
  • 15,979
  • 14
  • 80
  • 117
3
votes
1 answer

When using JASPIC for authentication, is web.xml still relevant in terms of authentication?

It's been a loooooong time since I've done JASPIC work. I have a web.xml that looks like this:
Laird Nelson
  • 15,321
  • 19
  • 73
  • 127
3
votes
1 answer

Jaspic: handle access to unprotected resource

I'm studying JASPIC, I start a little project from scratch to explore it and how it behave on Wildfly. First step is to invoke my SAM validateRequest method and return content of an unprotected resource, the index.html page. Ok, validateRequest is…
Francesco
  • 1,742
  • 5
  • 44
  • 78
3
votes
2 answers

Jaspic ServerAuthModule delegating to JAAS Krb5LoginModule

I have to write a custom Jaspic ServerAuthModule (which needs to add a proprietary Authentication Cookie to the HTTP Response AND HTTP Request to be propagated to the applications running on the App Server). The Authentication must be done using…
Jérémie
  • 557
  • 4
  • 15
3
votes
1 answer

Wildfly 8.1.0 Final / JASPIC: ServerAuthModule.validateRequest() not being called when invoking HttpServletRequest.authenticate()

I am migrating a Glassfish app to Wildfly 8. In Glassfish I was using Jersey, and in Wildfly I am using RESTeasy. I have run into a bit of a problem with the JASPIC implementation in WildFly. In both containers, the SAM (ServerAuthModule) is being…
John Donahue
  • 162
  • 1
  • 8
3
votes
4 answers

Java EE 6 App different login methods

I´m currently developing a "basic" Java EE 6 application with JSF (frontend) and JPA, EJB, and CDI (backend). Everything works well so far. For the login part I've chosen form-based authentication together with a JDBC-Realm. Now I like to offer…
urbiwanus
  • 713
  • 5
  • 21
3
votes
1 answer

How to apply Filter before security constraint in JBoss EAP6/AS7

Edit: For some context, I am using a custom security-domain and manually calling request.login. I am not using the standard FORM authentication. Edit: It seems like what I am really looking for is a way to replicate the functionality…
Kurt Koller
  • 334
  • 1
  • 3
  • 14
2
votes
0 answers

JASPIC authentication not honoured at EJB layer in JBoss EAP 7

I have an EAR that contains a WAR within. A JAAS based security domain is configured for the EAR (inside jboss-app.xml) and a JASPIC based one for the WAR (inside jboss-web.xml). The EAR contains EJBs that I wanted to be protected using JAAS. The…
Nibin Jacob Panicker
  • 291
  • 3
  • 8
2
votes
2 answers

AuthenticationStatus return NOT_DONE when use a custom form and a basebase identity store

I have spent days on updating myself to Java EE 8, there is a problem I'v encountered when used @CustomFormAuthenticationMechanismDefinition and @DatabaseIdentityStoreDefinition together. I am using Glassfish v5, NetBeans 9 nightly and Java 8. What…
Hantsy
  • 8,006
  • 7
  • 64
  • 109
2
votes
0 answers

Custom auth module for JASPI authentication in wildfly

I need to use a custom auth module for JASPI authentication in wildfly. My standalone-full.xml:
Sahid
  • 100
  • 1
  • 1
  • 11
2
votes
1 answer

Custom JASPIC on WebSphere error message

Though similar, the specific problem I have is not addressed in Use JASPIC auth module on WebSphere 8.5 I am getting the following error message: SECJ8027E: The path and name of file where JASPI persistent registrations are stored must be specified…
Archimedes Trajano
  • 35,625
  • 19
  • 175
  • 265
2
votes
2 answers

Java EE 6 security - use user entity class

All I need is a simple login page that will check against the username and password of a simple User entity class. Is that possible with Java EE 6? In the tutorials they always store the users on the glassfish server.
Andreas Ka
  • 839
  • 9
  • 23
1
2
3 4