Custom header based authentication ---------------------------------- Key: JBAS-2283 URL: http://jira.jboss.com/jira/browse/JBAS-2283 Project: JBoss Application Server Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Security, Web (Tomcat) service Reporter: Scott M Stark Assigned To: Anil Saldhana Fix For: JBossAS-4.0.5.GA, JBossAS-5.0.0.CR1 Attachments: B19006.pdf, B19008v2.pdf, B19013.pdf We have been getting requests for custom authentication methods based around prorpietary headers/logic. The following attachments describe the oracle COREid product. B19006.pdf - high level overview of how the product works B19008v2.pdf - details of authentication protocol (p. 85 - 92) B19013.pdf - documentation about API Likely the most important part is assuming a user is who the HTTP_OBLIX_UID header says they are. The COREid server and the firewall should protect the server from unauthorized access.