[jboss-user] [JBoss Seam] - Re: Seam Security Question - Tomcat Valve
bsmithjj
do-not-reply at jboss.com
Mon Apr 2 16:01:19 EDT 2007
The problem is that the Seam security model is tightly coupled to a JAAS model of security - i.e. the Subject class and friends. With CAS and our custom Tomcat Valve, the servlet container associates/manages a copy of the authenticated Principal (a.k.a. userPrincipal in Seam) with the HttpServletRequest and in the Valve, it's possible for us to make isUserInRole() work as expected as well. It would be ideal for us if Seam allowed us to provide or override the Principal and roles for a user (and even permissions too but we're not using permissions directly) to the Identity component.
I would be reluctant to use the approach you show in the previous post because that's sure to be outdated or broken with any future release of Spring - especially since there are JIRA task(s) for the Identity component now.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033813#4033813
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033813
More information about the jboss-user
mailing list