Question

I've implemented a LoginModule to perform some custom authentication, and call the authentication using the login() method of the LoginContext class. The login module's login() and commit() methods are called successfully, but instead of being able to use the web app I am being sent back to the login page immediately. request.getUserPrincipal() is null, as well as request.getRemoteUser().

Any ideas would be greatly appreciated. Thanks!

ADDITIONAL INFO

Also, right after I call loginContext.login() on the front end, calling loginContext.getSubject().getPrincipals() gives me the proper list of principals and roles for the user that just logged in.

I'm using Tomcat 6.0.29 as my server.

Solution 2

I was trying to do programmatic login in Tomcat, and even though the login module was running, the container wasn't receiving the authentication. My solution was to do authentication using an HTML form with "j_security_check" as its action.
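
A container-managed setup of the kind this answer describes, as an added example that is not the poster's own configuration: calling LoginContext.login() directly only populates the JAAS Subject, while a form posted to j_security_check lets Tomcat run the same LoginModule through its JAASRealm and attach the resulting principal to the request. The appName "CustomLogin", the com.example.auth principal classes, the "user" role, the /app/* pattern and the JSP paths are assumptions.

```xml
<!-- META-INF/context.xml: Tomcat runs the JAAS LoginModule through its realm.
     appName must match the entry name in the JAAS login configuration file.
     "CustomLogin" and the com.example.auth classes are hypothetical names. -->
<Context>
  <Realm className="org.apache.catalina.realm.JAASRealm"
         appName="CustomLogin"
         userClassNames="com.example.auth.UserPrincipal"
         roleClassNames="com.example.auth.RolePrincipal"/>
</Context>

<!-- WEB-INF/web.xml: protect the application and declare FORM authentication.
     The role name must match a name returned by a role principal. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>app</web-resource-name>
    <url-pattern>/app/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <!-- Require TLS so the posted password is not sent in clear text. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>

<!-- login.jsp: the container intercepts the POST to j_security_check, calls the
     realm (and so the LoginModule), and caches the principal for the session,
     which is what makes request.getUserPrincipal() non-null afterwards. -->
<form method="POST" action="j_security_check">
  <input type="text" name="j_username"/>
  <input type="password" name="j_password" autocomplete="off"/>
  <input type="submit" value="Log in"/>
</form>
```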

OTHER TIPS

Umm, a shot in the dark.

Have you tried giving permission in the policy file like so?

grant codeBase "file:/myCustomModule.jar" {
  permission javax.security.auth.AuthPermission "modifyPrincipals";
  permission javax.security.auth.AuthPermission "modifyPublicCredentials";
  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
};
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow