Hello,

I have made a simple SSO solution for us using a digital signature in a parameter 
of the request (we receive a simple request from a third party that we trust).

My LoginModule takes the request and validates whether it trusts the digital 
signature of the request. If it trusts it, the login is OK.
The problem that I have is that in the web.xml <auth-method> I have to put 
FORM, BASIC, DIGEST or CLIENT-CERT. Is there something like none? Because I don't 
want any interaction with the user, and I don't need any info (only the 
request).

What I have now is a "working" solution with the problem that the user gets a 
BASIC auth dialog asking for the password; what is entered doesn't matter because 
the LoginModule only looks at the request.

My question is: is there something like auth-method NONE, or any workaround to 
avoid asking the user for any info?

A workaround that I have in mind is to use a non-protected servlet in the app 
that manually puts the credentials. But is that possible?
I have read this in the FAQ:

anonymous wrote : Q21. How do I programmatically establish an identity?
A21: You need to perform a JAAS login against a configuration that includes 
the JBoss ClientLoginModule. When inside of a server/multi-threaded 
environment, the multi-threaded=true and restore-login-identity=true options 
should be enabled. An example login fragment:

    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.auth.callback.UsernamePasswordHandler;

    // LoginContext construction, login() and logout() throw LoginException
    void runAsUser(String username, String password) throws LoginException
    {
        UsernamePasswordHandler handler =
            new UsernamePasswordHandler(username, password);
        LoginContext lc = new LoginContext("client-login", handler);
        lc.login();
        // Any calls to secured resources now use the username/password identity
        ...
        // Clear and restore the previous identity
        lc.logout();
    }


But it isn't clear to me. Does anyone have a nicer example? All I need is to 
put a principal and role in the realm X in an unprotected servlet.


Many thanks in advance,
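
Added example, not part of the original post and not JBoss code: a sketch of the signature check that a LoginModule (or an unprotected entry servlet) would run on the signed request parameter before establishing any identity. The token format "user|issuedAtMillis", the SHA256withRSA algorithm, the 60-second freshness window and all names are assumptions made for illustration; the freshness check is included because a signed parameter with no expiry can be replayed by anyone who captures the URL.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignedRequestCheck {
    static final long MAX_AGE_MS = 60_000; // assumed freshness window

    /** Returns the user name if signature and timestamp are acceptable, else null. */
    static String verify(String token, String sigB64, PublicKey trusted, long nowMs) {
        try {
            byte[] sig = Base64.getUrlDecoder().decode(sigB64);
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(trusted);
            v.update(token.getBytes(StandardCharsets.UTF_8));
            // Check the signature first; never parse fields of an unverified token.
            if (!v.verify(sig)) return null;
            String[] parts = token.split("\\|", -1);
            if (parts.length != 2 || parts[0].isEmpty()) return null;
            long issued = Long.parseLong(parts[1]);
            // Reject stale (replayed) or far-future tokens.
            if (Math.abs(nowMs - issued) > MAX_AGE_MS) return null;
            return parts[0];
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return null; // malformed base64, bad number, bad key: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the trusted third party's key.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair thirdParty = g.generateKeyPair();
        long now = System.currentTimeMillis();
        String token = "alice|" + now; // constructed sample token
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(thirdParty.getPrivate());
        s.update(token.getBytes(StandardCharsets.UTF_8));
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());

        PublicKey pub = thirdParty.getPublic();
        System.out.println("valid:    " + verify(token, sig, pub, now));
        System.out.println("tampered: " + verify("admin|" + now, sig, pub, now));
        System.out.println("stale:    " + verify(token, sig, pub, now + 5 * MAX_AGE_MS));
    }
}
```

Only a non-null result from verify() should lead to a principal being set; an unprotected servlet that sets credentials without this check would let any caller choose their identity.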

