[jboss-user] [Security & JAAS/JBoss] - Re: combination of JAAS

Wednesday, 12 March 2008

This is my guess....When a Http Request is sent by the browser to a web based Jaas enabled
application, the request is first intercepted by the container using j_security_check,
j_user_name and j_password. Then it is jaas logged in and the HttpRequest is attached the
Principal ...After that the request is passed on to the secured web app with the Request
populated...However when you programatically login do you use j_security_check for the
container to intercept ? I think not....Your request come directly to servlet where you
use callback handlers to do jaas login...This helps to propogate your credentials to ejb
container, where as web container is bypassed...

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136058#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Re: combination of JAAS