[jboss-user] [JBoss Web Services Development] - JBWS-2210 : CXF Username Token JAAS integration

Darran Lofthouse do-not-reply at jboss.com
Fri Apr 9 07:14:38 EDT 2010

Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] replied to the discussion

"JBWS-2210 : CXF Username Token JAAS integration"

To view the discussion, visit: http://community.jboss.org/message/536531#536531

> I see. Perhaps in some cases no authorization will be required, so just dropping an authorization interceptor will satisfy such requirements.
Yes this is where I think your two interceptor approach will help as it gives you the option of dropping the authorization one when not required.

> Sure. I saw the following code line in the JBoss Native :
> > securityAdaptor.pushSubjectContext(subject, principal, credential);
> this is probably to do with what you explained above.
Yes that line is where we push the subject onto the ThreadLocal for the request so it is ready for further checks for subsequent calls.

Following the existing code will probably help you get something up and running but do keep in mind that it was written at a time the WS stack needed to support JBoss AS 4, 5 and 6 so a final switch to the APIs recommended by Anil would be required at some point.


Reply to this message by going to Community

Start a new discussion in JBoss Web Services Development at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20100409/88d8fbc4/attachment.html 

More information about the jboss-user mailing list