[security-dev] Picketbox Authenticating with no principal

Anil Saldhana Anil.Saldhana at redhat.com
Mon Mar 31 10:25:34 EDT 2014

On 03/30/2014 07:21 PM, Stuart Douglas wrote:
> Hi,
> I have a question about Picketbox, and how I can setup a security
> context when I don't have a real credential for an account.
> Basically my use case is an apache server in front of Undertow, where
> the apache server performs the authentication and just forwards the
> authenticated principal to Undertow. From an Undertow point of view
> it is easy to setup that principal as the current user, however I have
> no way to then setup the Picketbox SecurityContext object, as it appears
> that the only way to do this is with a credential.
You can create a security context directly and set it on the 
You should not authenticate via PicketBox in this case.

You will need to authorize the web resources. This implies you will need 
to get the roles
for the principal in question.

Stefan can guide more.

> The only way I can think of that maybe we can use a custom login module,
> that does not require a credential?
> Apparently this used to work, however I have not been able to find a
> working config anywhere, and I can't see any LoginModule implementation
> in the source that look like they would do this, so I am not really sure
> how to best approach this.
> Stuart

More information about the security-dev mailing list