Hi Mike 

> >The only thing you gain by going through all of this is EJB declarative
> >security.
> 
> Correct me if I'm wrong but another reason might be for 
> propagation of security information to a remote EJB?  This is 
> mainly what I need to integrate with container managed 
> security for, maybe there's another way?

Good point.

> >If it were me, I'd be going with the former option and in due course
> >refactoring the EJBs to native POJOs that can be managed directly by
> >Spring.
> 
> On that topic would it be very difficult, possible, or useful 
> to create a spring interceptor that initializes and wraps an 
> acegi threadlocal security context given the current J2EE 
> authenticated principal?  Similar to how the Transaction and 
> Hibernate Interceptors work?  I realize it would probably 
> require some sort of container specific method of obtaining 
> the principal associated with the current context; however, 
> this functionality would be very handy for those who cannot 
> yet ditch container managed authentication entirely. :)  Any 
> input or guidance for such an interceptor would be greatly 
> appreciated as well.

Sorry, I'm not a JBoss integration expert. I use POJOs! :-)

I've been thinking some more about the JBoss login module proposed in my
earlier reply. It might be worth trying to use the existing Acegi Security
CAS integration capabilities, and then have your JBoss login module query
the ContextHolder rather than rely on NameCallback and PasswordCallback.
JBoss' login module would simply look for the ContextHolder, see if it
contains an Authentication object, and if so, return it to JBoss. You'd need
to write a new getRoleSets() that iterates the list of granted authorities.
The only issue is at what point JBoss calls its login module. If the login
module is called before the Acegi Security filters can set up the
ContextHolder for the request, this approach would fail. However, if it
worked, it would be an excellent way of handling JBoss integration with any
new Acegi Security authentication models that come into existence in the
future. I'd try this approach in the first instance, as it's a lot less
painful than integrating directly with CAS and you can use
JbossAcegiLoginModule to get you started.

I'd be happy to take a look into this myself, but I just haven't the time at
present...

Best regards
Ben
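
A sketch of the login module described in the message above, added here as an example; it is not part of the original email and not code from Acegi Security or JBoss. The class name is hypothetical, and the net.sf.acegisecurity package layout and JBoss's AbstractServerLoginModule, SimpleGroup and SimplePrincipal are assumed to match releases of that period.

```java
import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import net.sf.acegisecurity.Authentication;
import net.sf.acegisecurity.GrantedAuthority;
import net.sf.acegisecurity.context.Context;
import net.sf.acegisecurity.context.ContextHolder;
import net.sf.acegisecurity.context.SecureContext;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

// Hypothetical class: reads the thread-bound Acegi context instead of using callbacks.
public class ContextHolderLoginModule extends AbstractServerLoginModule {
    private Authentication authentication;

    public boolean login() throws LoginException {
        // The Acegi Security filters must already have populated the ContextHolder.
        Context context = ContextHolder.getContext();
        if (!(context instanceof SecureContext)) {
            // Failure mode from the message: JBoss invoked the module before the
            // filters ran. Fail closed; never fall back to an anonymous identity.
            throw new LoginException("No SecureContext bound to this thread");
        }
        Authentication auth = ((SecureContext) context).getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            throw new LoginException("No authenticated Authentication in ContextHolder");
        }
        authentication = auth;
        loginOk = true; // lets AbstractServerLoginModule.commit() publish the identity
        return true;
    }

    // Identity handed to JBoss; a UserDetails principal would need its username extracted.
    protected Principal getIdentity() {
        return new SimplePrincipal(String.valueOf(authentication.getPrincipal()));
    }

    // Map each granted authority to a member of the "Roles" group JBoss checks.
    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup roles = new SimpleGroup("Roles");
        GrantedAuthority[] authorities = authentication.getAuthorities();
        for (int i = 0; authorities != null && i < authorities.length; i++) {
            roles.addMember(new SimplePrincipal(authorities[i].getAuthority()));
        }
        return new Group[] { roles };
    }
}
```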



_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
