-
1. Re: Tomcat 4 Jboss 3 standalone security question
starksm64 May 16, 2002 8:43 AM (in response to dcowan)You would have to write a custom realm that performs the steps of authenticating the servlet caller just as any other secure ejb client.
-
2. Re: Tomcat 4 Jboss 3 standalone security question
dcowan May 16, 2002 9:42 AM (in response to dcowan)Ok. I would think someone would have written one already. Since it sounds like no one has could you give me a little more description of everything involved. I've got a basic idea of what needs to be done, but I am sure there are details I am missing.
-
3. Re: Tomcat 4 Jboss 3 standalone security question
jwkaltz May 17, 2002 11:33 AM (in response to dcowan)We have a custom form, where username and password are entered and sent to a servlet. In this servlet, we do the jboss client stuff (meaning, the client-side lc.login() stuff as described in the documentation). Then we make an ejb call (to a secured ejb); if this call fails due to a security error, then login was not successful.
I hope this leads you on the write track.
BTW we are using Tomcat 3.3 as standalone, calling JBoss 2.4.4 -
4. Re: Tomcat 4 Jboss 3 standalone security question
amrchary Jun 24, 2002 8:51 AM (in response to dcowan)Do you call lc.login() on every HTTP request or do you do so just ONCE per user session?
Thanks,
Chary
> We have a custom form, where username and password
> are entered and sent to a servlet. In this servlet,
> we do the jboss client stuff (meaning, the
> client-side lc.login() stuff as described in the
> documentation). Then we make an ejb call (to a
> secured ejb); if this call fails due to a security
> error, then login was not successful.
>
> I hope this leads you on the write track.
>
> BTW we are using Tomcat 3.3 as standalone, calling
> JBoss 2.4.4