Re: [jetty-users] HttpServletRequest Returns NULL Principal After Logging In

Have a read of the doc on the JAAS module in jetty here: https://www.eclipse.org/jetty/documentation/9.4.26.v20200117/jaas-support.html#_writing_your_own_loginmodule

Javadoc is here: https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/jaas/spi/package-summary.html

Jan

On Thu, 6 Feb 2020 at 06:18, Yicheng Wang <wangyicheng1209@xxxxxxxxx> wrote:
I’m sorry, I didn’t find detailed documentation of the getUserInfo function, and thus I’m not quite familiar with it. So given the username, getUserInfo should return the password wrapped in the UserInfo class. And then the login function would use that information to compare with the input password, which has already been handled with the current code. Am I getting it right?


On Feb 5, 2020, at 20:29, Olivier Lamy <olamy@xxxxxxxxxxx> wrote:

Hi 
You do not need to override login. The class has been designed so that you only need to overwrite getUserInfo.
If getUserInfo returns null, it means you cannot log in with this username.
Otherwise you need to look at how the login method is implemented in AbstractLoginModule, and this can change in the future.

On Thu, Feb 6, 2020 at 1:43 PM Yicheng Wang <wangyicheng1209@xxxxxxxxx> wrote:
Hi Olivier,

Thanks for your timely reply. Just to confirm, are you suggesting that the login module extend AbstractLoginModule and override getUserInfo only? In my case, the login module relies on another class to do the authentication, so I have to override login as well. If that is the case, shall I maintain the other fields of AbstractLoginModule (like currentUser) manually in the login function?

Best,
Yicheng

On Feb 5, 2020, at 19:26, Olivier Lamy <olamy@xxxxxxxxxxx> wrote:

Hi
Can you try with a simple subclass of AbstractLoginModule?
This should work.


On Thu, Feb 6, 2020 at 11:51 AM Yicheng Wang <wangyicheng1209@xxxxxxxxx> wrote:
Hi Team,

First of all, thank you for developing Jetty. I'm working on a project to
replace WebLogic with Jetty, and I've been stuck with authentication for
quite a while.

The previous project implements the JAAS interface and stores all user
information in self-maintained files, instead of using a realm. I tried to
implement the login module with the same code. And I followed the official
document to set the configuration, but without a realm. The login part works
fine. But after logging in, no matter what request I send to Jetty, the
principal is always null and thus the user is deemed unauthenticated and
is logged out. For the login request, however, I do get the principal from
the request.

I have no idea about the root cause. Some of my guesses are as below.
1. I read the source code of AbstractLoginModule class, and there're a bunch
of fields like currentUser etc. I guess I shouldn't implement LoginModule
directly, as this breaks the inner mechanism of how Jetty integrates
customized login module.
2. I'm missing some critical configurations of HTTP requests.
3. I also notice session is not working properly at this point. Does session
have anything to do with null principal in the request?

Do appreciate your kind help!

Yicheng



--
Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users


--
Olivier


--
Olivier


--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
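
The approach Olivier describes in this thread (extend AbstractLoginModule, override only getUserInfo, return null for an unknown user), sketched as an added example that is not from the thread or the Jetty project. It assumes the Jetty 9.4 JAAS API from the javadoc linked above; the package and class names, the `userFile` option and the `user|credential|role1,role2` file format are hypothetical.

```java
package example.jaas; // hypothetical package name

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;

import org.eclipse.jetty.jaas.spi.AbstractLoginModule;
import org.eclipse.jetty.jaas.spi.UserInfo;
import org.eclipse.jetty.util.security.Credential;

/**
 * Looks users up in a self-maintained file. login(), commit(), abort() and
 * logout() are inherited, so Jetty's own bookkeeping stays intact.
 */
public class FileUserLoginModule extends AbstractLoginModule {
    private String userFile;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        // Let the base class record the subject and callback handler first.
        super.initialize(subject, handler, sharedState, options);
        // Hypothetical option, set on this module's entry in the JAAS config file.
        userFile = (String) options.get("userFile");
    }

    @Override
    public UserInfo getUserInfo(String username) throws IOException {
        if (username == null || userFile == null) {
            return null;
        }
        // Assumed line format: user|credential|role1,role2
        for (String line : Files.readAllLines(Paths.get(userFile), StandardCharsets.UTF_8)) {
            String[] fields = line.split("\\|", 3);
            if (fields.length == 3 && fields[0].equals(username)) {
                List<String> roles = Arrays.asList(fields[2].split(","));
                // The inherited login() checks the submitted password against this credential.
                return new UserInfo(username, Credential.getCredential(fields[1]), roles);
            }
        }
        return null; // unknown user: the inherited login() rejects this username
    }
}
```

Credential.getCredential also accepts Jetty's prefixed credential forms such as `CRYPT:`, so the file does not have to hold clear-text passwords.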

