[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?

eschulma do-not-reply at jboss.com
Fri Feb 9 17:36:32 EST 2007

Unfortunately...I don't think there "has" to be a way, that is the problem.  The servlet spec does not require it.

If you use one of Tomcat's authentication methods -- basic, form, etc. -- the credentials carry through very nicely and it is all wonderful.  JBoss provides a way from Tomcat -> EJB layer but not vice-versa.

I am using AOP security and after the complexity of getting that running right, I'm very pleased.  I think this will do everything needed, one can protect any function with it.  You will need a JaasLoginFilter or equivalent for the web layer, plus stuffing username/password into session.

If you absolutely must do it with Tomcat, realize it's a Tomcat issue -- a custom Valve or Realm might work.  But I think that would be extremely fragile with respect to upgrades.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013922#4013922

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013922

More information about the jboss-user mailing list