Guys, I really appreciate your ideas. Some if these suggestions, combined with some I
got from Struts users, could lead me to something good. I will come back and post when
I've had a chance to try some things.
Thanks,
Erik
View the original post :
http://www.jboss.org/index.html?module=bb&op
Stuart this is not a good solution.
As already mentioned in the howto..
Simply perform a login in the loginContext. This will provide the Subject with the
right roles and can be loaded into the session.
To access third party system, you can use the ClientLoginModule.
View the original post
thinking about it i guess you could also write a filter that took your credentials out
of the HttpSession (assuming your Action had put them there earlier)
and do something like {from JBossSecurityMgrRealm}
Context securityCtx = null;
try
{
InitialContext iniCtx = new Initi
Scott's howto is an excellent explanation in the use of JAAS and configuring JBoss
Login Modules, far better than most other application servers.
But it doesnt cover web-application security in much depth and certainly not what you
are after. The need to do additional processing on a logon actio
Scott is the CTO and has implemented majority of the security in JBoss. You should
meet him in person to know how technically sound he is. :-)
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842606#3842606
Reply to the post :
http://www.jboss.org/index.html?m
Read this.
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=46370
Great stuff by Scott. The guy is awesome.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842604#3842604
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=
j_security_check not only authenticates the user against a speciified realm in
login-config.xml but also writes the necessary information (authenticated
identity/principal) into the thread local storage (TLS) so that security context is
propagated.
If you do your custom login authentication, i