The login module needs to request the information required for authentication using a custom callback handler. Then you need to install a custom javax.security.auth.callback.CallbackHandler that can provide the current request header info based on a Valve and thread local. A custom CallbackHandler can be installed using the CallbackHandlerClassName attribute of the org.jboss.security.plugins.JaasSecurityManagerService.
The existing IPAddressValve should really just be generalized to save the current HttpServletRequest. The custom CallbackHandler should be in the org.jboss.web.tomcat.security package and it should extend the default org.jboss.security.auth.callback.SecurityAssociationHandler and delegate to it any Callback it does not understand. There needs to be a unit test added to the testsuite. Look at how the JACC unit tests run on a custom configuration of jboss to see how the tests need to be setup to use the customized JaasSecurityManagerService configuration. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3866944#3866944 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3866944 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list JBoss-Development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-development