On Mon, 2003-02-10 at 18:30, Craig R. McClanahan wrote: > On Sun, 10 Feb 2003, Peter Kelley wrote: > > > Date: 10 Feb 2003 17:22:53 +1100 > > From: Peter Kelley <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: Tomcat Users List <[EMAIL PROTECTED]> > > Subject: Re: Valve Access to Principal > > > > OK I'm still not sure we are talking on the same page so please bear > > with me whilst I attempt to restate what is happening. > > > > Tomcat 4.1.18 running in JDK 1.4 > > JBoss 3.0.3 running in JDK 1.3 > > > > Tomcat is running standalone in a seperate JVM to JBoss. > > Both Tomcat and JBoss are running on the same machine (although this > > configuration means that they could be running on seperate machines). > > > > Tomcat is running the JAAS login module and running a web application > > that is making standard RMI calls to EJB's that are running on the JBoss > > server. > > > > You seem to be assuming that Tomcat knows how to propogate the security > identity. It does not -- standalone Tomcat doesn't store Subjects or > Principals on a per-thread basis at all (it only caches them in the > session if there is one), and doesn't support propogation of security > identity across JVMs under any circumstances. Any such features in the > JBoss+Tomcat integration were implemented by JBoss folks, so you need to > ask them for help in understanding what is going wrong in your scenario. > > Craig > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
I've written a valve to do this and the code should be standard JAAS, not specific to JBoss. There is a class already in the Tomcat 5 source that provides utilities to do something similar. If I get this working I'll let you know, it's something that Tomcat will probably need to do to talk JAAS to application servers. If this were JBoss specific I would agree with you but what I want to do should be following the JAAS standard. -- Peter Kelley <[EMAIL PROTECTED]> Moveit Pty Ltd --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]