B,
There is no requirement to extend AbstractServerLoginModule. However, your
login modules are required to use the Subject usage pattern employed by JBoss.
Extending this module ensures this pattern is used. Otherwise, just follow
directions at
Will do, and thanks for the useful information. I really hate being a noob at
something!!! (especially and app server)
B
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3946524#3946524
Reply to the post :
Thanks for the help! One more question though. . . Do I need to extend JBoss's
JAAS class, I think AbstractServerLoginContext, to get JBoss to recognize my
custom LoginModule? Thanks again for the help.
B
View the original post :
B,
If you are using Container Authentication then yes, the container does that for
you. Chapter 8 really does describe what you need well if you do not have any
unusual circumstances. To summarize...
1.) create your web app and add security-constraints to you web.xml
2.) specify your
I'm still having issues here. Is the idea to use some code to always check
request.isUserInRole(user), or does the container do that?
B
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3944287#3944287
Reply to the post :
If you want to use Tomcat embedded in JBoss and use container managed security.
Just read chapter 8 of the server guide. Embedded Tomcat security is handled
by JBoss. So what you need to learn is how JBoss handles security.
View the original post :
Thanks,
I've got the server guide for 4.0 but I haven't read it all, though I haven't
seen anything yet that describes exactly what I think I need. For instance, how
does the container determine if a user is still logged while they are browsing
through protected pages. I need secure ALL my
