[jboss-user] [Security & JAAS/JBoss] - Re: JBoss/WinXP/SPNEGO, Kerberos MIT/unix, JGSS question?
neoben
do-not-reply at jboss.com
Sun Mar 15 05:26:56 EDT 2009
The ticket needs to be forwardable. If it is, in firefox, you add your website to the trusted URIs for delegation ( in about:config). At this point, you should see "context.getDelegState()=true" in the logs.
The missing bit in the jboss-negotiation project is to get the delegated credendentials and store them in the private credentials of the Subject in the SPNEGOLoginModule. It needs to be destroyed or cleared in the logout method.
Then, you will need to manage yourself the kerberos ticket and implement yourself the WS-kerberos (if your webservice is using a HTTP binding, i suppose it would be easy to secure the webservice via spnego). Jboss does not implement these things for you so, you have to take care of the ticket renewal and propagation...
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218072#4218072
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4218072
More information about the jboss-user
mailing list