1. I think that it should be called before the login configuration is
retrieved, which I think is before the LoginContext is created.
2. Yes, they should go in there.
3. Look at the commit method of the Policy context.
Regards,
Alan
-----Original Message-----
From: Jan Bartel
Sent: Wed 11/26/2003 11:52 PM
To: [EMAIL PROTECTED]
Cc:
Subject: [security] Authentication mechanism
I'm just taking a look at integrating the web tier security with
Geronimo security. I've got a couple of questions:
1. When/who should call setMBeanServer on the
GeronimoLoginConfiguration? Should I call it
just before doing a LoginContext login() call?
2. What code is responsible for configuring the SecurityRealm
instances? Should they be configurable from the
security-service.xml file?
3. I still can't work out where the mapping of the user's roles
that are retrieved by the SecurityRealm are turned into
permissions
suitable for a HttpRequest.isUserInRole() call impl?
Any pointers on any of these would be welcome.
thanks
Jan
