[jboss-user] [Security & JAAS/JBoss] - Re: Trust association and subject building for SSO
anil.saldhana@jboss.com
do-not-reply at jboss.com
Wed Jan 10 01:36:10 EST 2007
For the web layer, you can header based authentication. You will need some form of an authenticator. Look here for guidance:
http://wiki.jboss.org/wiki/Wiki.jsp?page=GenericHeaderBasedAuthentication
Once the login module is invoked, then the JBoss security layer takes care of the subject/caching etc. The authenticator should pluck the relevant information from the http request and then pass them to the jaas layer.
Now for the ejb layer, I guess you will have to write a new interceptor and replace the security interceptor in the container configuration in conf/standardjboss.xml or write your own container config in jboss.xml in ejb jar.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3999768#3999768
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3999768
More information about the jboss-user
mailing list