[jboss-dev-forums] [Design of JBoss Remoting, Unified Invokers] - Re: http-invoker and authentication info

[jimbrady]

Thanks for replying. It doesn't quite fit my case because in my case, I don't have the credentials (I just have a Tomcat Valve that extracts the user from a cookie and passes that through without a password.) But I have got the authentication to work (the invoker JNDIFactory is protected and it gets through that), the problem is that the principal is not getting to the session bean. I can't even get to the session bean if it is protected, and this connection rejection occurs before the marshalled invocation is established in the InvokerServlet. I can't understand why JBOSS doesn't have an answer to this, because one of the justifications for using HTTP tunneling is to establish the user credentials. 

Only protecting the JNDI interface is rather pointless from my point of view. I want to use SSO from a java application using the cookie set up from the browser.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4048263#4048263

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4048263