[jboss-user] [JBoss Seam] - Re: Form-based authemtication
shamoh
do-not-reply at jboss.com
Wed Oct 17 04:50:01 EDT 2007
Out corporation has User Management (UM) application to manage users and roles for all company applications. There is no self-registration in single applications.
Out application platform is IBM WebSphere 6.1 (WAS). We have implementation of custom user registry (external JACC authorization provider), which negotiates container managed authentication/authorization.
Our applications transparently use FORM-based authentication and users are checked against UM.
This approach ensures the Subject of logged in user contains LTPA token in its private credentials. It means I can call EJB deployed in different WAS instance and this call is trusted.
So thera two + one reasons:
- all applications use same user registry
- LTPA token
+ form-based auth is "recommended" solution of out company
-lk
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4095932#4095932
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4095932
More information about the jboss-user
mailing list