[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Login Advice
scott.stark@jboss.org
do-not-reply at jboss.com
Sat Dec 9 12:44:00 EST 2006
You cannot affect the web container security context via programatic login from the web component level. If you want to interact with the security context you need to integrate with the web container using either a tomcat valve, or a custom authenticator.
In general it does not make sense for you do be able to do a jaas login in the context of a web app call. Session ids needs to be correlated, and authentication mechanisms like CLIENT-CERT and DIGEST require that the container interact with the caller side.
http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExtendedFormAuthenticator
http://wiki.jboss.org/wiki/Wiki.jsp?page=ExternalizeTomcatAuthenticators
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992441#3992441
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3992441
More information about the jboss-user
mailing list