CODEWITHSUNDEEP
javaservletsjbossjboss7.xservlet-filters
robin
robin

Reputation: 1925

Issue With Jboss Authentication

I have to perform some action which should be done after the session is authenticated. Right now I am using a filter and inside the filter I am checking whether the session contains a user principal and if yes I am performing the action. But the problem is this is getting called for every action after authentication, which will cause some issues. Is there any way to perform it in a way that it will get executed only once?

Upvotes: 0

Views: 139

Answers (3)

kwart
kwart

Reputation: 3164

You can use a custom login module. Look at LoginModule developers guide for details.

Put your action into the commit() method of the login module. Add the new login module into the chain of login modules used in the security domain used by your application.

Updated

Example Login Module (which can be part of your WAR deployment):

package org.jboss.test;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class EmptyLoginModule implements LoginModule {

  public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
      Map<String, ?> options) {
  }

  public boolean login() throws LoginException {
    return true;
  }

  public boolean commit() throws LoginException {
    System.out.println("Authenticated");
    return true;
  }

  public boolean abort() throws LoginException {
    return true;
  }

  public boolean logout() throws LoginException {
    return true;
  }

}

Sample security domain configuration:

<security-domain name="web-tests" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required"/>
        <login-module code="org.jboss.test.EmptyLoginModule" flag="required"/>
    </authentication>
</security-domain>

Upvotes: 2

vmishra
vmishra

Reputation: 1762

Right now I am using a filter and inside the filter

You can go the inner filter only when HttpContext.User.Identity.IsAuthenticated is "true" which would be only after you check in the inner filter if session contains a user principal and you explicitly set HttpContext.User.Identity.IsAuthenticated to true.

Upvotes: 0

Gnana Guru
Gnana Guru

Reputation: 715

Hope your filter is getting called for all the URL as the filter is applied something like 

<filter-mapping>
   <filter-name>AuthenticationFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

If it is the case, you can filter it by specific URL or portion of it.

ex:

<filter-mapping>
   <filter-name>LogFilter</filter-name>
   <url-pattern>/login.go</url-pattern>
</filter-mapping>

So that, your all other request will not be filtered. Hope it helps :)

Upvotes: 0

Related Questions