The problem is that the Seam security model is tightly coupled to a JAAS model of security
- i.e. the Subject class and friends. With CAS and our custom Tomcat Valve, the servlet
container associates/manages a copy of the authenticated Principal (a.k.a. userPrincipal
in Seam) with the HttpServletRequest and in the Valve, it's possible for us to make
isUserInRole() work as expected as well. It would be ideal for us if Seam allowed us to
provide or override the Principal and roles for a user (and even permissions too but
we're not using permissions directly) to the Identity component.
I would be reluctant to use the approach you show in the previous post because that's
sure to be outdated or broken with any future release of Spring - especially since there
are JIRA task(s) for the Identity component now.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033813#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...