I do just that in my applications running on JBoss AS.
Here is what I do to access the HttpServletRequest from the login module:
HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(HttpServletRequest.class.getName());
Then I get the session, extract the captcha and check it for the request parameter from the screen. After authenticating the user, I remove the captcha parameter from the session. This works great for me.
Note that the registration module can also be activated by EJB calls after the user has already authenticated. In this case, the captcha parameter will not be in the session, of course. Therefore, you must verify this.
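The check described in this answer, written out as an added example that is not part of the original post. The session attribute name, the form field name, the `LOGGED_IN_ATTR` marker and the class itself are assumptions, as is `PolicyContext.getContext` returning null when no servlet request is bound to the thread:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public final class CaptchaCheck {
    // Assumed names; the post does not give them.
    static final String CAPTCHA_ATTR = "captcha";            // session attribute set by the captcha page
    static final String CAPTCHA_PARAM = "captcha";           // form field typed by the user
    static final String LOGGED_IN_ATTR = "captcha.loggedIn"; // hypothetical marker set after login

    public enum Result { PASSED, FAILED, NOT_REQUIRED }

    private CaptchaCheck() { }

    private static HttpServletRequest currentRequest() throws PolicyContextException {
        return (HttpServletRequest) PolicyContext.getContext(HttpServletRequest.class.getName());
    }

    /** Call from LoginModule.login() before the password is checked. */
    public static Result verify() throws PolicyContextException {
        HttpServletRequest request = currentRequest();
        if (request == null) return Result.NOT_REQUIRED;   // module invoked outside a web request
        HttpSession session = request.getSession(false);   // never create a session here
        if (session == null) return Result.FAILED;
        Object expected = session.getAttribute(CAPTCHA_ATTR);
        if (expected == null) {
            // Fail closed: a missing captcha is acceptable only for a session that
            // has already completed a login (the EJB-call case from the answer).
            return Boolean.TRUE.equals(session.getAttribute(LOGGED_IN_ATTR))
                    ? Result.NOT_REQUIRED : Result.FAILED;
        }
        String supplied = request.getParameter(CAPTCHA_PARAM);
        if (supplied == null) return Result.FAILED;
        boolean match = MessageDigest.isEqual(               // constant-time comparison
                expected.toString().getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
        return match ? Result.PASSED : Result.FAILED;
    }

    /** Call from LoginModule.commit(): drop the used captcha and mark the session. */
    public static void onAuthenticated() throws PolicyContextException {
        HttpServletRequest request = currentRequest();
        HttpSession session = (request == null) ? null : request.getSession(false);
        if (session == null) return;
        session.removeAttribute(CAPTCHA_ATTR);
        session.setAttribute(LOGGED_IN_ATTR, Boolean.TRUE);
    }
}
```

In `login()`, treat `FAILED` as a failed login, and continue with the normal credential check for `PASSED` and `NOT_REQUIRED`.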