[jboss-user] [JBoss Seam] - Re: Form-based authemtication

Wednesday, 17 October 2007

Out corporation has User Management (UM) application to manage users and roles for all
company applications. There is no self-registration in single applications.

Out application platform is IBM WebSphere 6.1 (WAS). We have implementation of custom user
registry (external JACC authorization provider), which negotiates container managed
authentication/authorization.

Our applications transparently use FORM-based authentication and users are checked against
UM.

This approach ensures the Subject of logged in user contains LTPA token in its private
credentials. It means I can call EJB deployed in different WAS instance and this call is
trusted.

So thera two + one reasons:
- all applications use same user registry
- LTPA token
+ form-based auth is "recommended" solution of out company

-lk

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4095932#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [JBoss Seam] - Re: Form-based authemtication