[jboss-as7-dev] On security context and propagation

arjan.tijms arjan.tijms at gmail.com
Tue Jul 30 17:33:24 EDT 2013


Radoslaw Rodak wrote
> Any authentication inside of AS7 (  this applies also to http logins using
> valves ) triggers JAAS login… see source code picketbox.

When doing authentication via a JASPIC (JSR 196) auth module the auth module
doesn't have to use a JAAS login module at all. Of course it's an option,
but not a requirement in any way. JASPIC does use the Subject class from
JAAS and the Callback and CallbackHandler interfaces, but that's about it
for the mandatory stuff. 

Since JASPIC is a part of the Java EE spec, it's of course automatically an
option for authentication in AS 7.




--
View this message in context: http://jboss-as7-development.1055759.n5.nabble.com/On-security-context-and-propagation-tp5711428p5712454.html
Sent from the JBoss AS7 Development mailing list archive at Nabble.com.



More information about the jboss-as7-dev mailing list