[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Security in Jboss - Password Capture
If the user is submitting their credentials in an HTML form, then you already have their credentials. If you are using Browser-based logon, then you'll have to write your own LoginModule. JBoss does have a way of doing SSO (Single Sign On) but I haven't delved too much into that aspect yet. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3898394#3898394 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3898394 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: JAAS Security in Jboss - Password Capture
If you are using basic authentication then yes jboss can help. You can write your own/extend the existing loginmodules to get the password. It will nto be encrypted. Even if you end up using SSL by the time the password reaches the login module it should be decrypted already. If you are using form based login, you can get the password even in tomcat. The easiest would be to put a filter to the j_security_check servlet. In the filter you can read j_password from the request. View the original post : http://www.jboss.com/index.html?module=bbop=viewtopicp=3898577#3898577 Reply to the post : http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3898577 --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user