I have successfully set up a JBoss security domain, and can authenticate using BASIC authentication (as defined in web.xml). This all works well. I cannot, however, figure out how to use the http request.login method.
The following security domain (from jboss-web.xml) works for BASIC authentication:
    <jboss-web>
        <context-root>/myapp</context-root>
        <security-domain>java:/jaas/myapp-realm</security-domain>
    </jboss-web>
But when I use request.login as follows:
    public void login() {
        FacesContext context = FacesContext.getCurrentInstance();
        HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
        try {
            request.login(username, password);
        }
        catch (ServletException ex) {
            java.util.logging.Logger.getLogger(UserLogin.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
I get the following exception:
    javax.servlet.ServletException: Failed to authenticate a principal
I know the username/password is fine (it worked fine using BASIC auth). I have TRACE level logging on, and it doesn't look like it is even trying to authenticate. What have I missed?
See http://java-web-development.blogspot.com/2011/07/jee-6-security-part-two-implementation.html if you need more details about my setup/config. I am using JBoss 6.