JAAS and Policy Agents
Hello everybody, I'm trying to create a simple JSP that it is protected using the Access Manager Policy Agent. I have configured the URL policy and it is working fine.
Now in my JSP I want to know what user is logged in but I don't want to use the AM API, instead I want to use the JAAS module. Any ideas on how to do it?
I thought thar AM will set the session attribute javax.security.auth.subject but I don't think it is doing it.
I get the Subject object but when calling the getPrincipals, the set is empty.
Any ideas?
Thanks a lot.
[577 byte] By [
capc75] at [2007-11-26 7:59:09]
# 1
Easy way: Configure your agent to set the user ID in HTTP head so you can read it without touching AM API.
Tough way: Enable form based authentication, install AM J2EE Agent (not web policy agent), you can get user ID with "getPrincipals" or "getRemoteUser" method.
Keep in mind, Using JAAS module does not mean you can avoid AM API, but do you have other reason to use JAAS? I usually keep myself away from it.
jxxe at 2007-7-6 20:27:18 >
# 2
Well the main idea is to develop something standard, so the application can work with other JAAS modules.
I will take a look on how to create that login module so I can get the Principal object. Do you know any examples or source that I can take a look to develop something like this?
Thanks
