From: "Mark Benussi" <[EMAIL PROTECTED]>
The end result with my JAAS implementation was that I successfully got the
JAAS code invoked from tomcat via the LoginContext, however I had to,
excuse
my language, bastardise my app to place the Subject in the session after
authentication, and then override the Struts RequestProcessor to override
the processRoles method to lookup my Subject from the session and validate
against that.
I have *not* been following along, so this may be way off, but... are you
wrapping the request? I haven't looked, but surely the RequestProcessor is
calling 'request.isUserInRole(...)' to make its decisions.
If so, wrapping the request and overriding 'isUserInRole' might be better
than messing with the RequestProcessor.
Here's an example...
http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatRequestWrapper
HTH,
--
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
