I am developing a JSF 2 application running under JBOSS Wildfly, which utilizes Java's JAAS security mechanism.
Everything works as expected and I can login using the request.login(username, password) mechanism.
I also have a requirement to authorize a device (which I have implemented using cookies) as part of the login processs. The process I am trying to implement is as follows;
- Validate username and password (but not log them in)
- Check device authorization and redirect to the authorization process pages if not already authorized).
- Login (if authorization is successful)
I don't want to log the user in unless they are authorized, and I don't want to go through the authorization process unless the username and password is correct.
So I need to verify the credentials are correct without actually logging the user in. I can do this manually via a database query, but I was wondering if there is a way to do this via JAAS.
Any ideas? Rich