[jboss-user] [JBoss Portal] - Re: Calling JAAS

[creative77]

There are several Handlers in the Jboss security jar. I tested mine using the UserPassword handler and it worked. I gersonjohan used the client which is I believe the default method. There are several others all requiring different information passed to them. 

I'm not an expert but, the handler takes the users credentials so it can be associated to an authentication service such as the ones found in login config, used in creating a  login context. In essence it takes care of creating the principle structures and populating user information.

Once this information has been bound then as gersonjohan's code shows you just call login(). 

Note, that this method is the authentication authorization phase, and does not activate any portal permission. This is handled by filters in the web.xml file and filter classes usually reading the filter and redirecting to the secure context path. I am assuming that JBoss has handlers or managers that map the authorized user and role to the portals permissions.

In the past when I have used JAAS I put the redirect and set up permissions from my filter class. My problem is I am not sure how this is done in JBoss. 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4072023#4072023

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4072023