[jboss-user] [Security & JAAS/JBoss] - two authorization/authentication mechanisms in one j2ee app

adamzrk do-not-reply at jboss.com
Sun Mar 22 17:01:51 EDT 2009


Hi

  I've got a big problem. The system I work on uses NTLM to authenticate the user. There is a special authenticator, the same as NtlmHttpFilter from Jcifs, but not a servlet: a special class (which is derived from AuthenticationBase from the Tomcat jars) packaged as a jar together with a login module, which I use in my app. The login module is used to authorise the user: it retrieves roles from the database.
When the user enters the app URL in the browser, she/he is automatically logged in if she/he is logged in to the domain. But if not, the browser shows the login window.
I need a second way to authenticate and authorise the user in my app: the login and password should be matched against those from the db. I wrote a special JSP and servlet to do that. I also wrote a loginModule to log the user in from the db. But how can I do authorisation, so that user roles are retrieved correctly?
The application uses EJB3 and the user principal must be in the sessioncontext.
Is that possible?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220098#4220098
