Authentication
I using Sun Java Enterprise System 2005Q4
i have created a web application "App" and deployed it thru' the application server.
App/* files are the normal user files while
App/admin/* files contains administration related files.
i need to authenticate the admin part of my app only to the admin of the access manager.
how do i do that, do i need to put any filter in my web.xml ...
i have searched this out but i could not find any material ... plz provide some link or ref. about this.
Thank you,
bhupi
# 1
[nobr]Hi every1,
I could not find any solution for my problem, so i tried to do authentication using a filter:
public class CheckFilter extends GenericFilter {
public void doFilter(final ServletRequest request, final ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpSession session = ((HttpServletRequest)request).getSession(false);
if (session == null){
((HttpServletResponse)response).sendRedirect("/SecureWebApp/Login.jsp");
return;
}
SSOToken token = (SSOToken)session.getAttribute("token");
if (token==null) {
((HttpServletResponse)response).sendRedirect("/SecureWebApp/Login.jsp");
return;
}
try {
SSOTokenManager tm = SSOTokenManager.getInstance();
if (!tm.isValidToken(token)) {
((HttpServletResponse)response).sendRedirect("/SecureWebApp/Login.jsp");
return;
}
request.setAttribute("name", token);
} catch (SSOException ssoe) {
((HttpServletResponse)response).sendRedirect("/SecureWebApp/Login.jsp");
return;
} catch (UnsupportedOperationException uoe) {
request.setAttribute("error", uoe);
}
chain.doFilter(request, response);
}
}
this filter is mapped to all my protected resources.
in my login servlet i've done this:
public class LoginServlet extends HttpServlet {
/** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
* @param request servlet request
* @param response servlet response
*/
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String username = request.getParameter("j_username");
String password = request.getParameter("j_password");
try {
// Authenticate the user and obtain SSO Token
AuthContext lc = null;
lc = new AuthContext("dc=dev,dc=local");
lc.login();
while (lc.hasMoreRequirements()) {
Callback[] callbacks = lc.getRequirements();
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
NameCallback nc = (NameCallback) callbacks[i];
nc.setName(username);
} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback pc = (PasswordCallback) callbacks[i];
pc.setPassword(password.toCharArray());
} else {
return;
}
}
lc.submitRequirements(callbacks);
}
if (lc.getStatus() != AuthContext.Status.SUCCESS) {
response.sendRedirect("error.html");
return;
}
// Obtain the SSO Token
SSOToken token = lc.getSSOToken();
request.getSession(true).setAttribute("token", token);
response.sendRedirect("pages/index.jsp");
/*out.println("<br><h3>SSOToken:</h3> " + token.getTokenID());
//usrdn = token.;
//out.println("<br><h3>User DN:</h3> "
//+ usrdn);
out.println("
");
*/
} catch (Exception e) {
request.setAttribute("error", e);
request.getRequestDispatcher("error.jsp").forward(request, response);
}
}
}
everything seems to be working fine whenever i request for a projected resources im directed to a login page and every thing works fine.
Is this the correct way of doing authentication thru' access manager, if not what will be the problems i might face.
here im store the SSOToken in the session object, should i carry the tokenid instead or do entirely something else?
Thank you,
Bhupi[/nobr]
# 5
Hi again,
I installed the j2ee agent for AS 8.1. used sun docs for installing procedure. deployed agentapp.war on the server.
but when i start the webapp "agentapp" in the browser the following error comes on screen:
javax.servlet.ServletException: Filter execution threw an exception
root cause
java.lang.NoClassDefFoundError
com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:184)
com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:246)
com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:36)
and server.logs show the following error also
java.lang.ExceptionInInitializerError
at com.sun.identity.agents.arch.Manager.<clinit>(Manager.java:641)
at com.sun.identity.agents.filter.AmAgentBaseFilter.initializeFilter(AmAgentBaseFilter.java:184)
at com.sun.identity.agents.filter.AmAgentBaseFilter.getAmFilterInstance(AmAgentBaseFilter.java:246)
at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:36)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at com.sun.enterprise.web.connector.httpservice.HttpServiceProcessor.process(HttpServiceProcessor.java:226)
at com.sun.enterprise.web.HttpServiceWebContainer.service(HttpServiceWebContainer.java:2071)
Caused by: java.lang.RuntimeException: Failed to load secondary configuration: No value specified for: com.sun.identity.agents.config.location
at com.sun.identity.agents.arch.AgentConfiguration.setConfigurationFilePath(AgentConfiguration.java:423)
at com.sun.identity.agents.arch.AgentConfiguration.bootStrapClientConfiguration(AgentConfiguration.java:475)
at com.sun.identity.agents.arch.AgentConfiguration.initializeConfiguration(AgentConfiguration.java:859)
at com.sun.identity.agents.arch.AgentConfiguration.<clinit>(AgentConfiguration.java:1136)
... 19 more
now at the bottom of the error it says:
No value specified for: com.sun.identity.agents.config.location
where and what location do i have to provide?
thank you,
bhupi
