Application Server 3  4  5 and 6
  1. Application Server 3 4 5 and 6
  2. JBAS-2352

Enhance FORM based authentication to allow for transparent auth, error messages

    Details

    • Type: Feature Request Feature Request
    • Status: Closed Closed (View Workflow)
    • Priority: Major Major
    • Resolution: Out of Date Out of Date
    • Affects Version/s: JBossAS-4.0.3 Final
    • Fix Version/s: No Release
    • Component/s: Web (Tomcat) service
    • Security Level: Public (Everyone can see)
    • Labels:
      None
    • Environment:
      All
    • Similar Issues:
      Show 10 results 

      Description

      Presently FORM based authentication does not allow developers to provide common functionality such as 'remember me' cookies, transparent authentication (from request attributes), and login failure error messages (somewhat addressed by ExtendedFormAuthenticator)

      These can be accomplished by extending the existing functionality (FormAuthenticator); unfortunately, the FormAuthenticator that ships w/ JBoss 4.0.3 does not have the necessary hooks for this.

      The attached code (auth.zip) demonstrates how we accomplished this; the primary change is in BaseCustomFormAuthenticator, with the addition of:

      1) getUserCredentials method that looks for user credentials in the request (remember me cookie, IP address, query string, etc.)
      2) getCredentialsFromFormFields that pulls credentials from j_username and j_password - can be extended to pull other attributes as well
      3) Addition of onFailedAuthentication hook to allow for inserting authentication exceptions into request scope
      4) Addition of inlineAuthentication flag (set if credentials are found in request) to prevent restoring original request (in the case of inline auth, this is the original request)

      The default implementation matches existing behaviour; see ChoicesFormAuthenticator for an example of how behaviour can be extended.

        Activity

        Hide
        Chris Lee
        added a comment -

        Sample source referenced in issue.

        Show
        Chris Lee
        added a comment - Sample source referenced in issue.
        Hide
        sappenin
        added a comment -

        I'd like this functionality as well – is there no other way to add a "remember me" cookie when using form-based auth? (I'm using JBAS 4.2.3GA).

        Show
        sappenin
        added a comment - I'd like this functionality as well – is there no other way to add a "remember me" cookie when using form-based auth? (I'm using JBAS 4.2.3GA).
        Hide
        Jason Greene
        added a comment -

        Now that work is well underway with AS7, all previous community releases are end-of-lifed. So, all issues not directly assigned to an AS7 release are being closed.

        JBoss EAP is our supported enterprise version of AS, and you can file your issues against any release during its very long support window via CSP/RHN.

        If you believe your issue is still relevant to AS7 then please verify it and reopen.

        Show
        Jason Greene
        added a comment - Now that work is well underway with AS7, all previous community releases are end-of-lifed. So, all issues not directly assigned to an AS7 release are being closed. JBoss EAP is our supported enterprise version of AS, and you can file your issues against any release during its very long support window via CSP/RHN. If you believe your issue is still relevant to AS7 then please verify it and reopen.

          People

          • Assignee:
            Unassigned
            Reporter:
            Chris Lee
          • Votes:
            4 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: