[jboss-user] [Security & JAAS/JBoss] - Re: Programmatic Authentication in JBoss?
eschulma
do-not-reply at jboss.com
Fri Feb 9 17:36:32 EST 2007
Unfortunately...I don't think there "has" to be a way, that is the problem. The servlet spec does not require it.
If you use one of Tomcat's authentication methods -- basic, form, etc. -- the credentials carry through very nicely and it is all wonderful. JBoss provides a way from Tomcat -> EJB layer but not vice-versa.
I am using AOP security and after the complexity of getting that running right, I'm very pleased. I think this will do everything needed, one can protect any function with it. You will need a JaasLoginFilter or equivalent for the web layer, plus stuffing username/password into session.
If you absolutely must do it with Tomcat, realize it's a Tomcat issue -- a custom Valve or Realm might work. But I think that would be extremely fragile with respect to upgrades.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013922#4013922
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013922
More information about the jboss-user
mailing list