[jboss-user] [Security & JAAS/JBoss] - Re: some questions on authentication
do-not-reply at jboss.com
Wed Aug 20 13:16:31 EDT 2008
Answers below :-
(1) If you want to use JAAS for authentication, YES
(2) Passwords are NEVER stored in request. Principal can be got from the request after successful authentication by calling anonymous wrote : request.getPrincipal().
(3)After successful authentication Principal is cached till the expiry of HttpSession. Yes no, need for extra authentication till session expires.
(4) Can be used from JSP's and Servlets,. For that matter any web based client is fine this way.
Not Swing. You'll need to a typical JAAS login (with CallbackHandlers and config files) for that. No .NET client cannot do a JAAS login.
Hope this helps
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171574#4171574
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4171574
More information about the jboss-user