[jboss-user] [Security & JAAS/JBoss] - Re: Trust association and subject building for SSO

ganesh_asha do-not-reply at jboss.com
Wed Jan 10 06:15:10 EST 2007


Hi Anil,
Thanks a lot for the instant reply and your interest.

Firstly queries about your first reply
Anil: You have talked about the web layer and the EJB layer. Well yes, we do have separate interceptors for both layers, but if I use form based authentication for the web layer then the same user information is passed on to the EJB layer. I am looking for the same kind of solution: if I use the GenericHeaderBasedAuthentication for my web layer then the same information should be propagated to the EJB layer. Update me if I am wrong.

Secondly, you have talked about the JBoss security layer and the JAAS layer. Let us elaborate these terms for common understanding.
JBoss security layer: the components which determine whether the requested resource is protected or not and whether the user is already authenticated or not. I am looking out for these components but am not able to find them. Kindly provide information on which components are doing this. Again, update me if I am wrong.

And the JAAS layer: it is the login module and security manager, realm mapping interface implementation doing authentication and role mapping.

Now coming back to the original problem, I can clearly envisage and divide the problem into two parts.

1. How to get user information (from user in form, basic authentication or from headers in Generic header based authentication) and put it into cache

2. Validate the user information and associate the roles

Way ahead for problem 1
Use the GenericHeaderBasedAuthentication or some other valve of Tomcat and get the information from the header rather than asking the user, and cache it with the container.


Way ahead for problem 2
Modify the login module so that it doesn't use the database but uses the same information provided in headers for validation and role mapping.

Priority wise first we are implementing the solution for problem 2, as it is more critical and it can eliminate the use of DB/LDAP. Secondly we will solve the problem 1.

The information is detailed out so other users can also use the same without losing time.

Thanks again for help.

Thanks & Regards,
Ganesh


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3999856#3999856
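
As an added example (not code from this thread or from JBoss), here is a JDK-only JAAS login module along the lines of "problem 2" above: it builds the subject from the user and roles handed over by the web-layer valve instead of querying a database. It assumes the valve passes the user header through `NameCallback` and a comma-separated roles header through `PasswordCallback`, that only the trusted SSO front end can set those headers, and a hypothetical `allowedRoles` module option; the class names are illustrative.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example: trusts identity asserted upstream, but treats header roles as claims to be filtered.
public class HeaderTrustLoginModule implements LoginModule {
    // Minimal principal type (hypothetical); a JBoss deployment would map these to its own role classes.
    public static final class Named implements Principal {
        private final String kind, name;
        Named(String kind, String name) { this.kind = kind; this.name = name; }
        public String getName() { return name; }
        public String toString() { return kind + ":" + name; }
        public boolean equals(Object o) { return o instanceof Named && toString().equals(o.toString()); }
        public int hashCode() { return toString().hashCode(); }
    }
    private Subject subject;
    private CallbackHandler handler;
    private final Set<String> allowedRoles = new HashSet<>();   // from option "allowedRoles" (assumed name)
    private final Set<Principal> pending = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
        Object opt = opts.get("allowedRoles");
        if (opt != null) for (String r : opt.toString().split(","))
            if (!r.trim().isEmpty()) allowedRoles.add(r.trim());
    }
    public boolean login() throws LoginException {
        pending.clear();
        NameCallback user = new NameCallback("user");
        PasswordCallback roles = new PasswordCallback("roles", false);
        try { handler.handle(new Callback[] { user, roles }); }
        catch (Exception e) { throw new LoginException("no header data: " + e); }
        String name = user.getName();
        if (name == null || name.trim().isEmpty()) throw new LoginException("missing user header");
        pending.add(new Named("user", name.trim()));
        char[] raw = roles.getPassword();
        // Keep only roles the deployer allow-listed; anything else in the header is dropped.
        for (String r : (raw == null ? "" : new String(raw)).split(","))
            if (allowedRoles.contains(r.trim())) pending.add(new Named("role", r.trim()));
        return true;
    }
    // Principals reach the Subject only on commit, so a failed login stack leaves it untouched.
    public boolean commit() { subject.getPrincipals().addAll(pending); return true; }
    public boolean abort()  { pending.clear(); return true; }
    public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```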
