Get HttpSession/Request in a JAAS Login Module

2019-02-18 06:24发布

I'm trying to obtain the HttpSession or Request in my Login Module. I already tried JACC, but it didn't work.

I need this because I have to put a captcha in a login window. Maybe some JAAS ninja knows a better way to do that. I'm using kaptcha to do that.

thanks in advance.

1条回答
We Are One
2楼-- · 2019-02-18 06:43

I do exactly that in my applications running on JBoss AS.

Here's what I do to access the HttpServletRequest from within the login module:

HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(HttpServletRequest.class.getName());

Then I get the session, extract the captcha and validate it against the request parameter from the screen. After I authenticate the user, I remove the captcha parameter from the session. This works fine for me.

Note that the login module can also be activated by EJB calls after the user is already authenticated. In that case, the captcha parameter won't be in the session, of course. So you should check it.

查看更多
登录 后发表回答