(Second time posting.. the first one seems to have been lost) I'm using JBAS 4.2.1 and JBM 1.4.0.GA.
I've configure the sslbisocket transport. My clients all have SSL certificates and I would like to use their certificate to authenticate them via my custom loginmodule (which has been tested and works with EJBs, Tomcat, etc). I want JBM to use the principal created by the SSL connection for the getConnection() so that I do not need to pass a username and password. Looking at how the other invokers are configured, it appears that I'll need a SecurityInterceptor for the sslbisocket invoker to create a Subject from the SSL connection and then configure JBM to use a CallerIdentityLoginModule to use the already-established subject. However, I'm not sure how to put the interceptor around the jboss.remoting:service=invoker,transport=sslbisocket... as I'm not sure where that is configured. Other services seem to be configured in standardjboss.xml and jboss.xml so I'm wondering where I could do this - or if I need to modify some code to be pointed in the right direction. Also, I'd like Message Driven Beans to be able to be configured without a username and password. To accomplish this I think I'll need to configure the JmsXA resource adapter with ConfiguredIdentityLoginModule. Some confirmation of this would be appreciated. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094579#4094579 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4094579 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
