[jboss-user] [Security & JAAS/JBoss] - Re: ExtendedFormAuthenticator touch-up

aparolini88 do-not-reply at jboss.com
Mon Nov 5 04:25:08 EST 2007


Just a though:

I have written more or less the same FormAuthValve you have for our apps ( since we don't use your SecurityAssociation object, we have our own Principal class).

I use too a threadlocal var to hold my loginexception in order to overcome the JAAS limitation, but in my implementation, I just put the populateSession() method in the forwardToErrorPage(), and not in :authenticate() and forwardtoLoginPage(). Doing so the use of notes to avoid doing the work several times is not required any more.

- antonio





View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101687#4101687

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4101687



More information about the jboss-user mailing list