[jboss-user] [Security & JAAS/JBoss] - need advice

[kosl]

Hi,

I need advice. I'm working on security and the standard resouce securying via web.xml and j_security_check doesn't fit my needs. I would like to achieve such goals:

- Change the standard scenario: when user tries to access secured area he is redirected to login page - and then after successful authentication - get's access to secured resources. I would like to be able to redirect him sometimes first to some other page - for instance page forcing him to change the password - and only then to the requested resource,
- be able to put the login-form on any page and after logging in redirecting back to that page,
- requesting re-authentication for specific resources (and protecting access to them via SSL
- etc.

I've developed my own LoginModule and it's working perfectly but the standard solution with j_security_check and tomcat doesn't seem to fit my needs.

My question is where should I look for any information about how to achieve my goals? I've looked to the Jboss administraiton guide but still I'm not sure what to do.

Will I have to change/add something to JBoss source code?

I would be very grateful for any advice.

With Kind Regards,

Karol Oslowski

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971354#3971354

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3971354