[JBoss-user] [Security JAAS/JBoss] - Re: How to use JAAS_HOWTO Filter example with Secure Servlet
thanks for that Scott, I was hoping that wouldnt be the conclusion. A collegue of mine suggested another solution: Use declarative security in the web tier (FORM) and once logged in the principal details are available in the EJB tier Aparantly it was not with JBoss but the container login called JAAS automatically. It sounds like the ideal solution but I guess it depends on the container implementation. I am gonna try it tonight but is there any reason why if I did a FORM authentication it would be propagated to the EJB. Lea. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3848018#3848018 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3848018 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: How to use JAAS_HOWTO Filter example with Secure Servlet
If you can use declarative security in the web tier you should as the integration with ejb tier is automatic. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3848027#3848027 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3848027 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security JAAS/JBoss] - Re: How to use JAAS_HOWTO Filter example with Secure Servlet
That is the expected behavior since the JAAS login is only setting up the security context for subsequent ejb invocations. It does not change or establish the web container security context. That could be done using a custom integration with a tomcat valve, but this would be non-trival, and in general not possible as the security settings for the war may require an SSL connection with CLIENT-CERT mutual authentication. You either have to use your own security layer via filters, delegate to the container using the standard web.xml security model, or do deep customization of tomcat to do what you want. View the original post : http://www.jboss.org/index.html?module=bbop=viewtopicp=3847894#3847894 Reply to the post : http://www.jboss.org/index.html?module=bbop=postingmode=replyp=3847894 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php ___ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user