[jboss-user] [Security & JAAS/JBoss] - Re: combination of JAAS
do-not-reply at jboss.com
Wed Mar 12 13:44:50 EDT 2008
This is my guess....When a Http Request is sent by the browser to a web based Jaas enabled application, the request is first intercepted by the container using j_security_check, j_user_name and j_password. Then it is jaas logged in and the HttpRequest is attached the Principal ...After that the request is passed on to the secured web app with the Request populated...However when you programatically login do you use j_security_check for the container to intercept ? I think not....Your request come directly to servlet where you use callback handlers to do jaas login...This helps to propogate your credentials to ejb container, where as web container is bypassed...
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4136058#4136058
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4136058
More information about the jboss-user