Thanks for your help so far, Shane.
No....My users are authenticating against a web application on a different server
developed by a different group...so I've got to forward them to a login page that
isn't in my Seam app.
This is the simplified sequence of events:
1) an unauthenticated user tried to access my seam app.
2) my app(via my JAAS Handler) looks for a "secure" cookie for the domain. It
doesn't see it. So, it forwards them on to
http://authenticate.institution.edu where
they are presented with a form and authenticate to that app. That app then sets the
domain-wide cookie and then forwards them back to my seam app.
3) my app sees the cookie and from the cookie knows who they are and they are then
authenticated. Then they are then assigned roles(assigning roles is trivial and is not
something I'm having trouble with) and they use my seam app.
4) After authentication, for every request I check(through a WS) and make sure the cookie
is still valid.
I do believe(because I'm not at work and don't have my app in front of me) the
NotLoggedInException is thrown from Pages.redirectToLoginView() if the login view
isn't set. Why didn't I set my login view? Because I don't want to redirect
to a view in my app-I wanna force the JAAS Handler I wrote to run instead of redirect
them. My JAAS Handler will force a redirect if necessary.
Instead of forwarding to a view from the exception handler in pages.xml, is there any way
I can force the authentication stuff to happen?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069888#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...