[jboss-user] [Security & JAAS/JBoss] - Re: some questions on authentication

ragavgomatam do-not-reply at jboss.com
Wed Aug 20 13:16:31 EDT 2008

Answers below :- 

(1) If you want to use JAAS for authentication, YES
(2) Passwords are NEVER stored in request. Principal can be got from the request after successful authentication by calling anonymous wrote : request.getPrincipal().
(3)After successful authentication Principal is cached till the expiry of HttpSession. Yes no, need for extra authentication till session expires.
(4) Can be used from JSP's and Servlets,. For that matter any web based client is fine this way.
Not Swing. You'll need to a typical JAAS login (with CallbackHandlers and config files) for that. No .NET client cannot do a JAAS login. 

Hope this helps

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171574#4171574

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171574

More information about the jboss-user mailing list