[jboss-user] [Security & JAAS/JBoss] - JAAS integration w/ 3rd party webservice stack

saspad do-not-reply at jboss.com
Sat Apr 21 10:47:30 EDT 2007

I am using Axis2/rampart webeservice/security stack.  The rampart module of Axis2 will perform WS-Security logistics.  However, it knows nothing about how to integrate with the container's security infrastructure.  Therefore, if rampart presents me with a userid/password from processing webservice security headers, I would like to be able to hand it over to the JBoss security infrastructure and let it perform JAAS authentication with the configured security domain.  It looks as easy as doing the following:

Context securityCtx = InitialContext iniCtx = new InitialContext();
securityCtx = (Context) iniCtx.lookup("java:comp/env/security");

SubjectSecurityManager securityMgr = (SubjectSecurityManager)

Principal principal = new SimplePrincipal(username);
Subject subject = new Subject();
if (securityMgr.isValid(principal, credentials, subject)) {
   // success
Is that all there is?  If success then I should be able to use the JAAS subject that will have been populated by the configured loginModules.

I need to investigate JBoss's own webservice stack, JBossWS.  Any comparison between JBossWS and Axis2 would be appreciated.  Anyway, I'm guessing JBossWS does would need to perform similar actions for WS-Security integration into the JBoss JAAS framework.  Is this what they do?  Can someone point me to the integration code?  I want to do something portably.

Thank you for any insight.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4039546#4039546

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4039546

More information about the jboss-user mailing list