I don't want to waste too much of anyone's time but before I spend weeks
trying to set this configuration up I was wondering if I could describe
my configuration idea and if I could get a yes it's possible, no it's
not possible, or this configuration idea is dumb response from someone
who knows. :) If I get a yes I would really appreciate some quick
pointers to help get me started down the correct track.
Configuration:
I have several JBoss 3.2.x Servers NOT clustered together that run
different web applications. They all can have a unified authentication
and authorization system so I was thinking SSO would work well for them
all. I need form based authentication and I would like to be able to
eventually provide authentications services to the same system for
things such as Web Services too though that would be down the road. I
believe I will also need to integrate with JAAS so I can do things such
as propagate security information to EJB calls as well.
So this is what I was thinking I might be able to do:
1. Implement authentication and authorization into CAS.
2. Configure all the servers with the JBossAcegiLoginModule to
authenticate requests through CAS. (don't know if this is possible)
3. Utilize Acegi's AuthenticationProcessingFilter so that I don't have
to use J2EE standard form authentication yet configure it in such a way
that it utilizes JAAS to authenticate so that J2EE security features can
be used such as propagation of security information to local and remote
EJB calls and so that standard J2EE security features work (ie.
getCallerPrincipal(), getRemoteUser(), etc.).
4. Then, hopefully because of using CAS and Acegi if the user were to
browse to one of the other servers/web applications then I would like it
for the user to not have to authenticate again.
Would something similar to that work? Or is there some kind of other
configuration I could put together to provide the desired functionality?
The requirements basically are, integrate CAS SSO to JAAS and use
Acegi's web based authentication filters for features things such as
defaultTargetUrl.
I hope this made sense. I appreciate any feedback I get.
Regards,
Mike
---
[This E-mail scanned for viruses by Declude Virus]
-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id=2562&alloc_id=6184&op=click
_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
