[jboss-user] [Security & JAAS/JBoss] - Re: Integration of Custom Client and Server Login Modules
kearns
do-not-reply at jboss.com
Mon Jul 17 11:50:00 EDT 2006
hi,
In the commit() of the client login module I add to the subject:
subject.getPrincipals().addAll(tempPrincipals);
subject.getPublicCredentials().addAll(tempCredentials);
where tempCredentials contains the property name-value pairs:
c.setProperty("nhs number", nhsNum);
c.setProperty("customer id", custId);
The passive callback handlers PassiveCallbackHandler has constructor that takes a username and password so its handle() method does not have to prompt the user for input. This information is supplied by a JUnit test or by a jsp which gets the information from a HTML form. There is no peripheral security restrictions.
It is the custId that needs to be visible to the custom server login module.
At this time the application is deployed on my desktop running a default JBoss server.
Hope this helps. Cheers
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958514#3958514
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958514
More information about the jboss-user
mailing list