users@glassfish.java.net

Re: Setting Principal In Custom Login Module

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 06 Jul 2010 12:52:26 +0530

glassfish_at_javadesktop.org wrote:
> Hello nasradu8, thanks for the response.
>
> I must say, I came across your blog post earlier today and it was very helpful, and I would like to say thanks. I actually plugged your implementation into my container and was able to get it working fairly easily. The issue I do have, however, is casting the principal that I get out of the request to my custom principal. It appears that the custom principal set in the LoginModule gets turned into a com.sun.web.security.WebPrincipal somewhere along the way, which will not allow me to cast back to my custom principal.
>
> This brings me to two questions:
>
> 1) I am implementing form based authentication compared to your basic authentication example. Either there is something wrong with my implementation (most likely) or there is something different/unique between a custom authentication module for form based authentication and basic authentication. If there should be no differences or obstacles between the two, then I should be able to get my implementation working by following your code example. Do you know of any differences between the two that would be causing me issues or should I just look more at the code?
>
>
Implementing Form based Auth with a SAM is slightly different than that
of Basic Auth. If you need a sample SAM that uses FORM based auth, let us
know and we can send it to you.

> 2) Is there a way to replace the com.sun.web.security.WebPrincipal or use another technique (maybe a servlet filter) that will allow me to access my custom principal from a servlet? I am trying to keep this as not tied to a specific container as possible, and not have to resort to servlet filters if possible. One possible solution I've toyed with is just storing my custom principal in the user's session and just providing documentation on how to access it. I need a few additional attributes, like organization, that seem like they fit into the principal/authentication scheme best, which is why I'm trying to accomplish this at this layer.
>
>
Pluggability of the Principal Class is a planned item. See SEC-011 in
the page:
http://wiki.glassfish.java.net/Wiki.jsp?page=3.1NewSecurityFeatures

However, we are not addressing it for V3.1 due to lack of resources. You
may want to continue with the custom ideas that you suggest above for now.

> Again, thanks for the reply and your blog entry.
> [Message sent by forum member 'unistd_h']
>
> http://forums.java.net/jive/thread.jspa?messageID=476813
>
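The session-based workaround discussed in this thread, sketched as an added example that is not code from either participant or from GlassFish. `OrgPrincipal`, `OrgPrincipalFilter` and the session key are hypothetical names, and it assumes the application stores the custom principal in the session after a successful login. The filter hands the stored principal back through `getUserPrincipal()` only when its name matches the user the container authenticated, so a stale or mismatched session attribute is never trusted.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical custom principal carrying the extra "organization" attribute.
final class OrgPrincipal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String name, organization;
    OrgPrincipal(String name, String organization) { this.name = name; this.organization = organization; }
    @Override public String getName() { return name; }
    public String getOrganization() { return organization; }
}

// Filter that re-exposes the session-stored principal through getUserPrincipal().
public class OrgPrincipalFilter implements Filter {
    static final String ATTR = "example.orgPrincipal"; // hypothetical session key

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        final Principal container = http.getUserPrincipal(); // container's own type, e.g. WebPrincipal
        HttpSession session = http.getSession(false);        // never create a session here
        Object stored = (session == null) ? null : session.getAttribute(ATTR);
        // Trust the session copy only if it names the user the container authenticated.
        if (container != null && stored instanceof OrgPrincipal
                && container.getName().equals(((OrgPrincipal) stored).getName())) {
            final OrgPrincipal custom = (OrgPrincipal) stored;
            // isUserInRole() and getRemoteUser() still delegate to the container.
            req = new HttpServletRequestWrapper(http) {
                @Override public Principal getUserPrincipal() { return custom; }
            };
        } else if (stored != null) {
            session.removeAttribute(ATTR); // stale or mismatched entry: drop it
        }
        chain.doFilter(req, res);
    }
}
```

Servlets behind this filter can cast `request.getUserPrincipal()` to `OrgPrincipal` after an `instanceof` check; requests where the check fails still see the container's principal unchanged.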