Just guessing,
Isn't the login module responsible for the actual authentication and
authorization? Tomcat authenticator is just responsible for extracting
header info?

Sergey Beryozkin wrote:
Hi
> You can achieve this by writing a Tomcat authenticator and putting it in
> WEB-INF/context.xml (JBAS) or META-INF/context.xml (Tomcat).
>
> The auth-name is a string defined in the servlet spec.
>
Thanks for the tip.
What is the difference between writing a custom Tomcat authenticator and a custom
LoginModule, for example
org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule?
My understanding is that having custom login modules:
- makes it easy to stack together different modules, as shown for example at [1]
- but requires the explicit loading of (JBoss Security) AuthenticationManager (at least
when services are POJOs)
cheers, Sergey
[1] http://community.jboss.org/wiki/SAMLEJBIntegrationwithPicketLinkSTS
> On 07/13/2010 11:35 AM, Bill Burke wrote:
>> Remy, Anil,
>>
>> (I'm cc'ing jboss-dev for archive purposes)
>>
>> Sergey, a new web services/resteasy hire, has done some great work
>> around OAuth lately. I'm interested in taking his stuff to the next
>> level and make it consumable in a way JBoss AS users are used to
>> configuring security.
>>
>> Specifically, I'm interested in defining an OAuth
>> login-config/auth-method within web.xml i.e.
>>
>> <login-config>
>> <auth-name>OAuth</auth-name>
>> <realm-name>...</realm-name>
>> </login-config>
>>
>> This would be an initial step, eventually I'd like to be able to
>> configure a web app to support multiple authentication mechanisms, so
>> that one URL could support both OAuth and traditional clients.
>>
>> Is JSR 196 the way to do this? Do we support in AS6? Is there doco
>> someplace? (I couldn't find with a search).
>>
>> Thanks,
>>
>> Bill