How to obtain the Session Id in a Login Module while using JBoss AS

Sometimes the SessionId or the entire HttpSession is needed in the JAAS Login Module or somewhere else.
After searching the Internet I found two
useful Classes at JBoss:

HttpServletRequestLoginModule and

I simply tried to get the getHttpServletRequest() method

protected HttpServletRequest getHttpServletRequest()
throws PolicyContextException
   return (HttpServletRequest)

with this method you can obtain the session:

The only thing to do, is to add
javax.servlet.jar and jboss-j2ee.jar to the classpath and add the getHttpServletRequest()
to your own Login Module. Thats all, somethimes the world is easy…

3 thoughts on “How to obtain the Session Id in a Login Module while using JBoss AS

  1. Hello, I need to access to the http request in my login module, and I’ve tried your solution w¡th the getHttpServletRequest method. However, I’m getting a java.lang.IllegalArgumentException with the following message when calling PolicyContext.getContext:
    “No PolicyContextHandler for key=javax.servlet.http.HttpServletRequest”

    By the way, I’m using JBoss 4.0.5 with Tomcat 5.5 and Sun Java 6.

    Do you have any clues about what may I be doing wrong?

    Thanks a lot.

  2. Hello Carmen,
    unfortunately I didn’t have a clue what specially went wrong.
    It seems to be a misconfiguration of the jboss.
    Try to look/google at your jboss configuration, it seems to be that
    HttpServletRequest is not registered in the PolicyContext.

    You can list the registered handlers with:

    Please send me your solution if you found it.

    good luck,

  3. …i just had another Idea:
    check the croosContext option in the tomcat:
    In jboss-web.deployer/context.xml
    add the crossContext=”true” like this:

    <Context cookies=”true” crossContext=”true” privileged=”true”>

Leave a Reply

Your email address will not be published. Required fields are marked *