-
1. Re: Propagating Permissions, please help
starksm64 May 12, 2005 8:06 PM (in response to optimusprime)The container has to be in control of authentication to allow propagation to other secured web resources. You would have to create a custom tomcat valve or authenticator to change the behavior at the container level. You probably just want to implement custom security in a standard filter though.
-
2. Re: Propagating Permissions, please help
fgonc May 13, 2005 12:07 PM (in response to optimusprime)I' ve the same problem. I've implemented a custom login module extending the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I've implemented the methods getUsersPassword and getRoleSets. The authentication process runs well, but the authorization does not. After logon using JAAS I make calls to EJB methods that require security roles, and I get one principal=null on my EBJ SessionContext. I think that this is a propagation problem. In the method getRoleSets I?ve created one SimpleGroup named ?Roles? and added to it two SimplePrincipals.
Group[] groups = {new SimpleGroup("Roles")};
SimplePrincipal role = new SimplePrincipal("R1");
groups[0].addMember(role);
role = new SimplePrincipal("R2");
groups[0].addMember(role);
What am I missing?