[jboss-user] [Security & JAAS/JBoss] - mod_ldap and jboss

rossog do-not-reply at jboss.com
Thu Jun 26 05:54:23 EDT 2008


Hi everybody, sorry for doing silly question, but i couldn't find an answer.
I'm trying to migrate from jrun to jboss a bunch of applications.
In jrun we use apache httpd and mod_auth_ldap to authenticate users against Active Directory.
User profiling is done in the business logic of the webapp, simply calling request.getAuthType and request.getRemoteUser.
I read in SecurityFAQ this is not possible in jboss; in fact, http headers contain neither user nor auth info, on jboss side.
I tryed to (and made it work) enable security constraints and application policies; de facto, mod_ldap passes info to jboss, which processes everiting and authorize my servlets.
But still no info on remoteUser.
Is there a (programmatic or not) way to make request info available in jboss?
Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4160793#4160793

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4160793



More information about the jboss-user mailing list