[JBoss-user] [Security & JAAS/JBoss] - Re: Access to HttpServletRequest in custom LoginModule

2004-07-15 Thread ceasaros
In a javax.servlet.Filter you can access the authenticated/authorized Principal where you can add your own values to the Principal. The Principal will travel to the ejb context where you can retrieve the values you put in the Principal. For this you probably need to define your own Principal.

[JBoss-user] [Security & JAAS/JBoss] - Re: Roles dependent on username and a company.

2004-07-15 Thread ceasaros
Thanks for all your help but I already read that topic and applied it to my own LoginModule. I will try to be more clear now: This is the isMember(Principal member) method I wrote in my custom Group class. | public class MyGroup extends MyPrincipal implements Group { | | ... | |

[JBoss-user] [Security & JAAS/JBoss] - Re: ClientLoginModule works incorrectly

2004-07-15 Thread ceasaros
It is built into JBoss 3.2.4 and thus also 3.2.5. I have an application working with my own Principal on both 3.2.4 and 3.2.5. I added a

[JBoss-user] [Security & JAAS/JBoss] - Re: Roles dependent on username and a company.

2004-07-14 Thread ceasaros
That's correct, I wrote my own getRoleSets() and I can get all the roles for every company for that user, but when the user's authorization is checked the boolean isMember(Principal member) method of the Group is called; here is where I need to check if the user has the correct role for that compan

[JBoss-user] [Security & JAAS/JBoss] - Re: EJB Security

2004-07-14 Thread ceasaros
Maybe it's possible for you to use a filter instead of a servlet. (servlet2.3 specs). The filter is always executed before handling the request in a servlet. I thought you can filter your request before it's authenticated by Tomcat/JBoss but then again I think the authentication is executed bef

[JBoss-user] [Security & JAAS/JBoss] - Re: Is it possible to deploy a security domain instead of al

2004-07-14 Thread ceasaros
Thanks, looks like a solution, I'll look into it.

[JBoss-user] [Security & JAAS/JBoss] - Re: Dynamic login page

2004-07-14 Thread ceasaros
It must be possible to make the login page dynamic using a server-side action (e.g. a Struts action, login.do). In this action you can forward to the login page you want depending on your module. Hope this is what you were looking for.

[JBoss-user] [Security & JAAS/JBoss] - Re: Roles dependent on username and a company.

2004-07-14 Thread ceasaros
Thank you for your reply but for me this isn't the solution, cause I have a dynamic company. In your solution only the 'id_usuario' can be replaced, what I would like to have is a database query like this: select roles from userroles where userid=? AND company=? In this query both userid and c

[JBoss-user] [Security & JAAS/JBoss] - Roles dependent on username and a company.

2004-07-13 Thread ceasaros
I have a situation in which the roles a Subject gets depend not only on the username but also on, for example, a company. E.g. user1 has roles 'guest' and 'admin' for company1 but user1 has only role 'guest' for company2. I solved this now by writing my own LoginModule in which I use my own defin

[JBoss-user] [Security & JAAS/JBoss] - Is it possible to deploy a security domain instead of alteri

2004-07-13 Thread ceasaros
It would be nice to be able to deploy the security domain for a web application (just like a datasource). Now I wrote an ant target that adds a security domain to / modifies an existing security domain in the login-config.xml. The reason I would like this is that I can patch a JBoss server with the

[JBoss-user] [Security & JAAS/JBoss] - Re: EJB Security

2004-07-13 Thread ceasaros
You perform the authentication / authorization within the web application environment and not in the ejb application environment. So your principal is only available inside your webserver (tomcat) and not in the ejb application environment. If you don't want security in your web application how d

[JBoss-user] [Security & JAAS/JBoss] - Re: JbossSecurityMgrRealm problem in Jboss 3.2.4-tomcat 5.0.

2004-06-28 Thread ceasaros
I'm sorry I can't help you with an answer, because I'm having the same problem. If there is a solution I would hear it too.