[jboss-user] [Security & JAAS/JBoss] - some questions on authentication

maggu do-not-reply at jboss.com
Tue Aug 19 13:45:04 EDT 2008


Hi All,
Apologies if these questions have been asked before or if they are naive, but I am writing after doing some searching on the web and the forum. Do point me to any tutorial / web resource if you think they can answer my questions.

I am relatively new to JBoss/JAAS authentication, and have successfully implemented a sample web application which uses the form-based authentication method. On the server side, I have a custom class which extends the DataBaseLoginModule. My questions were the following:

1) Does one have to use a form with 'j_security_check' to initialize the security workflow?
2) How could I extend this if I needed to have the username and password in my HTTP request?
3) It seems like once JBoss authenticates the user, an HTTP session is maintained until the JBoss cache expires. Is this true? Meaning once logged into a web application, and if the subsequent JSP / Servlet calls fall inside the security restrictions defined in a web.xml, a session is maintained and there is no need for extra authentication on each step.
4) I understand jboss 'webauthentication' is similar but is mostly for programmatic login. Can it be used from a JSP / Swing / .NET client? If so, how? Is there any useful web resource / tutorial you could point me to?

Thanks and hoping for some feedback from the forum.
  

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171343#4171343
