I just have a few questiosn on the portability of JBoss's JAAS and security implementation.
I'm writing an application, as a hobbyist, that requires users to authenticate. It then checks certain requests against a users "rights" assignments to determine if the user has access to those rescources. So far I've been coding session persistence, authentication, and permission checking into the application itself using session ID's and such. I know JAAS has similar capabilities and can abstract the session, user and role management from me. My question is mainly on portability. I would like my application to be able to run in any J2EE container. Kinda like just swapping the JBoss specific XML for WebSphere specific XML and deploying. Will the JAAS setup be portable across application servers like this? My second question is about linking a JAAS level "users" at the application level. For instance, let's say I set up JAAS to authenticate user "andy" but user "andy" has preferences stored in CMP accessed backends. Preferences like css stylesheet selection, etc. Can I pull the JAAS user information from the app server into "application space" to be mainipulated or perhaps passed to a getCssStylesheet(String username) method? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3859643#3859643 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3859643 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user