-
1. Re: JAAS Authentication with JBoss - Almost there need some
ravichittari Nov 22, 2004 12:37 PM (in response to ravichittari)Looking for an answer... One of the JAAS / JBoss gurus please respond..
Thank you -
2. Re: JAAS Authentication with JBoss - Almost there need some
starksm64 Nov 23, 2004 11:30 AM (in response to ravichittari)Read the JAAS Howto and the part on the ClientLoginModule. Just doing a JAAS login in a servlet does not affect the web container security state. It sounds like your are not using container level declarative security, and so you have to add your own filters to do application level security based on the session Subject.
-
3. Re: JAAS Authentication with JBoss - Almost there need some
ravichittari Nov 26, 2004 6:33 PM (in response to ravichittari)Scott,
Thanks for your reply..
After reading your reply and reading some books, I realized that I was trying to mix two things Container managed security and Application Managed security and was getting confused.
I have decided to go with Container managed security using j_security_check and let the container pick up the roles etc from web.xml.
I also thought about going with Applicaiton Managed security which involved writing my own Servlet Filter. While doing that I looked at SecurityFilter (open source), but later decided to go with the container managed security the limited requirements I have..