[security-dev] Picketbox Authenticating with no principal

Stuart Douglas sdouglas at redhat.com
Sun Mar 30 20:21:40 EDT 2014


I have a question about Picketbox, and how I can set up a security 
context when I don't have a real credential for an account.

Basically my use case is an Apache server in front of Undertow, where 
the Apache server performs the authentication and just forwards the 
authenticated principal to Undertow. From an Undertow point of view
it is easy to set up that principal as the current user, however I have 
no way to then set up the Picketbox SecurityContext object, as it appears 
that the only way to do this is with a credential.

The only way I can think of is that maybe we can use a custom login module 
that does not require a credential?

Apparently this used to work, however I have not been able to find a 
working config anywhere, and I can't see any LoginModule implementation 
in the source that looks like it would do this, so I am not really sure 
how to best approach this.

