[jboss-user] [Security & JAAS/JBoss] - How can I get a realm under a different security domain?

snelson do-not-reply at jboss.com
Wed Feb 21 04:33:07 EST 2007


Hi,

I have an requirement for a login process not supported by FORM authentication and JAAS out of the box. I need to have two roles within an app - one which enables access to a 2nd stage logon and one which allows access to protected resources. 

With this use case I've created two login modules to process the login. The first login module is used as normal form authentication and works fine. However I would like to mimic some of the same behaviour in a custom valve to process authentication. 

As I have two login modules I have them assigned against separate application policies. The second policy is not immediately available to the webapp as I believe the jboss-web.xml file allows a single security domain. I've managed to get the LoginContext to lookup and find the login to process it manually. However there is of course some additional function that JBoss provides through the realm with form-based authentication which I require in order for a user to correctly logon to the system.

Sorry for this long rambling post but if any of the JBoss developers have some hints on what I should be looking at that would be most useful. 

Cheers,

Stephen

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4019784#4019784

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4019784



More information about the jboss-user mailing list