I've written a very small library that allows you to fully delegate
authentication to a security domain/login module. I implemented this to
support integration with a RESTful token service (OpenStack Keystone).

https://github.com/resteasy/Resteasy/tree/master/jaxrs/security/skeleton-...

AFAICT, you pretty much have to go through the Realm/Security domain
execution path if you want principals and roles set up correctly to work
with EE security. So doing all protocol work in the Valve just wasn't
gonna cut it. This small library tunnels the Catalina Request object (so
you can access info not in HttpServletRequest) as well as an
HttpServletResponse via a ThreadLocal. That's about it.

What I'd also like to do is write a web metadata processor that allowed
you to set the auth-method in web.xml to something like:

<login-config>
    <auth-method>Security Domain</auth-method>
    <realm-name>java://jaas/myDomain</realm-name>
</login-config>

And it would automatically set up the correct valve and security domain
so you wouldn't have to create a jboss-web.xml. If there is interest
I'll add this and submit a pull request to AS7. Otherwise, I'll just
keep doing what I'm doing.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
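
The ThreadLocal tunneling described in the message above, as an added example that is not code from the post or from the library it links to. RequestTunnel, FakeRequest, login() and invoke() are hypothetical stand-ins for the tunnel, the Catalina Request, the login module and the valve, and the token string is constructed. It shows the valve side binding the request, the login module failing closed when nothing is bound, and the slot being cleared so a pooled worker thread does not carry one request's data into the next.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added illustration with hypothetical names; not the library's own classes.
public class TunnelDemo {
    // Stand-in for the container request (carries data the login module needs).
    record FakeRequest(String authToken) {}

    // Per-thread slot that carries the request from the valve to the login module.
    static final class RequestTunnel {
        private static final ThreadLocal<FakeRequest> CURRENT = new ThreadLocal<>();
        static void set(FakeRequest r) { CURRENT.set(r); }
        static FakeRequest get() { return CURRENT.get(); }
        static void clear() { CURRENT.remove(); }
    }

    // Stand-in login module: reads the tunneled request, denies if none is bound.
    static String login() {
        FakeRequest r = RequestTunnel.get();
        if (r == null) return "DENY (no request bound)";
        return "token=" + r.authToken();
    }

    // Valve-side wrapper: bind, delegate to the security domain, always unbind.
    static String invoke(FakeRequest r) {
        RequestTunnel.set(r);
        try {
            return login();
        } finally {
            RequestTunnel.clear(); // worker threads are pooled; leave no state behind
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(1); // one reused worker
        try {
            // Request 1 goes through the valve wrapper (constructed token value).
            System.out.println(pool.submit(() -> invoke(new FakeRequest("constructed-token-A"))).get());
            // A later task on the same thread that bypasses the wrapper must see nothing.
            System.out.println(pool.submit(() -> login()).get());
        } finally {
            pool.shutdown();
        }
    }
}
```

Removing the finally block makes the second task see the first request's token on the reused thread, which is the failure this pattern has to rule out.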