Hello Team, we have an existing J2EE based application where authentication mechanism was apache. Now we would like to incorporate security into our applications using JBossSX. We want role based declarative authentication. The user-id and password will be stored in Active Directory and roles information will be inside openLDAP. Note, for now we want only protection or restriction of URLs.
Q1 : Lets say we have authenticated user against Actve Directory and subject is created with user credentials. Now if the user visits second time will the authentication happens again. Can the container read roles from user Subject and validates against roles defined for restricted URL without executing login module? Let me know th ebest approach ? Q2 : Any concern in using Active Directory for user Name and Password and using openLDAP for Roles information. Q3 : Also, i want communication between JbossSX and Active Directory to be ssl based. Any input ? Thanks in Advance. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3877205#3877205 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3877205 ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
