Hi Mike

> So after 5 min of study let me revise my proposed configuration. :)
> I guess I will be using CAS's login form which is fine. So that
> eliminates the requirement for Acegi authentication filters.
> JBoss probably can't set up CAS as its AuthenticationManager so
> perhaps it could provide some kind of simple stub authentication
> manager that is called when Acegi authenticates through CAS?
> Or perhaps Acegi could send the CAS principal and ticket auth
> request to JBossAcegiLogin for authentication?

The simplest approach would be to not use the JBoss container adapter. Doing so requires lots of JARs in your JBoss classloader and it will be awkward to do what you're seeking (I'll discuss this more below). The only thing you gain by going through all of this is EJB declarative security. If you only have a few EJBs, you might find it easier to put the security checks inside the EJBs themselves and rely on Acegi Security's inbuilt pattern of setting up a ThreadLocal-bound authentication token via ContextHolder. If you do this, you can set up CAS authentication just as shown in the sample application and discussed in the reference guide.

Now if you _really_ need EJB declarative security, you're going to need to write a new JBoss login module. This is because login modules must use JAAS' NameCallback and PasswordCallback to obtain the principal's details. You need those details to represent the CAS service ticket (which is the opaque value contained in the HTTP GET redirect that follows successful login by the user using the CAS servlet). The new login module will then need to validate them. Rather than write this validation stage from scratch, I'd look at reusing some of the classes in net.sf.acegisecurity.providers.cas and its sub-packages and create an Authentication token that can be returned to JBoss. That Authentication token will subsequently be available to Acegi Security via the JbossIntegrationFilter, and thus any Acegi Security configuration should then work.
If it were me, I'd be going with the former option and in due course refactoring the EJBs to native POJOs that can be managed directly by Spring.

Best regards
Ben

_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
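The second option in the reply above (a login module that receives the CAS service ticket through JAAS callbacks and validates it before JBoss sees a principal), sketched as an added example; it is not part of the original message and is not Acegi Security or JBoss code. The class name `CasTicketLoginModule` and the `TicketValidator` interface are hypothetical, carrying the ticket in the `PasswordCallback` is an assumption, role mapping is left out, and the code needs Java 8 or later.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
// Added illustration only: a JAAS login module whose "password" is a CAS service ticket.
public class CasTicketLoginModule implements LoginModule {
    /** Hypothetical seam: wraps whatever checks the ticket with the CAS server. */
    public interface TicketValidator { String validate(String serviceTicket) throws LoginException; }
    static TicketValidator validator;      // assumption: wired once at deployment time
    private Subject subject;
    private CallbackHandler handler;
    private Principal validated;           // set only after the ticket has been accepted

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.handler = handler;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("principal");
        PasswordCallback ticket = new PasswordCallback("CAS service ticket", false);
        try {
            handler.handle(new Callback[] { name, ticket });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain callbacks: " + e.getMessage());
        }
        char[] raw = ticket.getPassword();
        ticket.clearPassword();
        // Fail closed: no ticket or no validator means no authentication.
        if (raw == null || raw.length == 0 || validator == null) {
            throw new FailedLoginException("missing CAS service ticket");
        }
        // Trust only the user name the validator returns, never the NameCallback value.
        final String user = validator.validate(new String(raw));
        if (user == null || user.isEmpty()) {
            throw new FailedLoginException("CAS service ticket rejected");
        }
        validated = () -> user;            // Principal's only abstract method is getName()
        return true;
    }

    public boolean commit() { return validated != null && subject.getPrincipals().add(validated); }
    public boolean abort() { boolean had = validated != null; validated = null; return had; }
    public boolean logout() {
        if (validated != null) subject.getPrincipals().remove(validated);
        validated = null;
        return true;
    }
}
```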
