[security-dev] Picketbox Authenticating with no principal
sdouglas at redhat.com
Sun Mar 30 20:21:40 EDT 2014
I have a question about Picketbox, and how I can setup a security
context when I don't have a real credential for an account.
Basically my use case is an apache server in front of Undertow, where
the apache server performs the authentication and just forwards the
authenticated principal to Undertow. From an Undertow point of view
it is easy to setup that principal as the current user, however I have
no way to then setup the Picketbox SecurityContext object, as it appears
that the only way to do this is with a credential.
The only way I can think of that maybe we can use a custom login module,
that does not require a credential?
Apparently this used to work, however I have not been able to find a
working config anywhere, and I can't see any LoginModule implementation
in the source that look like they would do this, so I am not really sure
how to best approach this.
More information about the security-dev