[jboss-user] [Security & JAAS/JBoss] - JAAS: LoginModule questions
Steve++
do-not-reply at jboss.com
Mon Jan 1 12:34:58 EST 2007
I'm writing a custom LoginModule, which raises a few questions:
1. Is it possible to package a custom LoginModule implementation on a per-application basis, or does it only work server-wide?
2. Assuming a server-wide LoginModule, is it possible to have a separate login-congig.xml per application? If so, what is its relationship to the server-wide login-config.xml (i.e. which one overrides that other one in the event of conflicts)?
3. Does a LoginModule implementation automatically have the necessary security clearance to use any restricted session beans (i.e. beans annotated with @RolesAllowed) and/or session bean methods? I ask this because I want my LoginModule implementation to use a stateless session bean to access login data.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3997111#3997111
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3997111
More information about the jboss-user
mailing list