Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-2352

Enhance FORM based authentication to allow for transparent auth, error messages

    Details

    • Type: Feature Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: JBossAS-4.0.3 Final
    • Fix Version/s: No Release
    • Component/s: Web (Tomcat) service
    • Labels:
      None
    • Environment:

      All

      Description

      Presently FORM based authentication does not allow developers to provide common functionality such as 'remember me' cookies, transparent authentication (from request attributes), and login failure error messages (somewhat addressed by ExtendedFormAuthenticator)

      These can be accomplished by extending the existing functionality (FormAuthenticator); unfortunately, the FormAuthenticator that ships w/ JBoss 4.0.3 does not have the necessary hooks for this.

      The attached code (auth.zip) demonstrates how we accomplished this; the primary change is in BaseCustomFormAuthenticator, with the addition of:

      1) getUserCredentials method that looks for user credentials in the request (remember me cookie, IP address, query string, etc.)
      2) getCredentialsFromFormFields that pulls credentials from j_username and j_password - can be extended to pull other attributes as well
      3) Addition of onFailedAuthentication hook to allow for inserting authentication exceptions into request scope
      4) Addition of inlineAuthentication flag (set if credentials are found in request) to prevent restoring original request (in the case of inline auth, this is the original request)

      The default implementation matches existing behaviour; see ChoicesFormAuthenticator for an example of how behaviour can be extended.

        Gliffy Diagrams

          Activity

          Hide
          clee.bridges.com Chris Lee added a comment -

          Sample source referenced in issue.

          Show
          clee.bridges.com Chris Lee added a comment - Sample source referenced in issue.
          Hide
          sappenin sappenin added a comment -

          I'd like this functionality as well – is there no other way to add a "remember me" cookie when using form-based auth? (I'm using JBAS 4.2.3GA).

          Show
          sappenin sappenin added a comment - I'd like this functionality as well – is there no other way to add a "remember me" cookie when using form-based auth? (I'm using JBAS 4.2.3GA).
          Hide
          jason.greene Jason Greene added a comment -

          Now that work is well underway with AS7, all previous community releases are end-of-lifed. So, all issues not directly assigned to an AS7 release are being closed.

          JBoss EAP is our supported enterprise version of AS, and you can file your issues against any release during its very long support window via CSP/RHN.

          If you believe your issue is still relevant to AS7 then please verify it and reopen.

          Show
          jason.greene Jason Greene added a comment - Now that work is well underway with AS7, all previous community releases are end-of-lifed. So, all issues not directly assigned to an AS7 release are being closed. JBoss EAP is our supported enterprise version of AS, and you can file your issues against any release during its very long support window via CSP/RHN. If you believe your issue is still relevant to AS7 then please verify it and reopen.

            People

            • Assignee:
              Unassigned
              Reporter:
              clee.bridges.com Chris Lee
            • Votes:
              4 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development