[jboss-user] [Security & JAAS/JBoss] - Re: Jboss SSO Web Application
sohil.shah@jboss.com
do-not-reply at jboss.com
Thu Nov 2 00:00:10 EST 2006
You actually bring up a good point about not wanting to use JAAS.
Although I recommend JAAS for obvious benefits (standard, identity propagation through various layers in the container etc)
if some light weigh app wants to do custom login behavior, maybe there might be value in creating a contract very much like the IdentityManager that will let custom login usecases do what they do, but still keep token management inside the valves in the framework.
The key is to figure out what the contract between the framework and the custom login behavior will be....
thinking along the lines of what objects need to be created and place in what scope (request,session) etc
I will have to think about this one ;)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3982558#3982558
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3982558
More information about the jboss-user
mailing list