-
1. Re: proprietary authentication mechanisms
new4jboss Jan 5, 2006 9:10 AM (in response to new4jboss)I really need help on this. Maybe a litle background info helps you helping me :)
This question fits in the context of a project where the possibility of using a load balancer working as a SSL acelerator (aka "SSL offloader") is being weighted against the power to leverage J2EE native HTTP authentication mechanisms (basic/digest/form). This is a problem because all the load balancers I'm aware of authenticate and transfer the user identity (even the certificate itself) via proprietary mechanisms (eg. special HTTP headers). So since I'm not interested in programming a security infrastructure myself, I wandered whether JBoss highly modular architecture couldn't come to the rescue with some way of plugin-in an authentication mechanism recognized by the rest of the container's security infrastructure, so that after successfull authentication, it still enabled authorization via declarative specs.
Any help whatsoever would be higly appreciated.
Nuno -
2. Re: proprietary authentication mechanisms
nigelwhite Jan 5, 2006 9:22 AM (in response to new4jboss)You can plug in your own JAAS LoginModule, so yes, you can authenticate any old way you want!
-
3. Re: proprietary authentication mechanisms
starksm64 Jan 5, 2006 11:28 AM (in response to new4jboss)Read the security chapter in the app server guide docs to get started:
http://www.jboss.com/products/jbossas/docs -
4. Re: proprietary authentication mechanisms
new4jboss Jan 5, 2006 12:31 PM (in response to new4jboss)Thanks for your help but I've been through all of that already.
I finally found an answer (unfortunately a negative one) in the thread
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73966
Thanks -
5. Re: proprietary authentication mechanisms
new4jboss Jan 5, 2006 12:31 PM (in response to new4jboss)Thanks for your help but I've been through all of that already.
I finally found an answer (unfortunately a negative one) in the thread
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=73966
Thanks -
6. Re: proprietary authentication mechanisms
new4jboss Jan 5, 2006 12:39 PM (in response to new4jboss)Also found this: http://jira.jboss.com/jira/browse/JBAS-2283
The definite NO... -
7. Re: proprietary authentication mechanisms
starksm64 Jan 5, 2006 12:45 PM (in response to new4jboss)There is no such thing as a definite no if you want to code.
http://wiki.jboss.org/wiki/Wiki.jsp?page=CustomizingSecurityUsingValves
Get involved with the devlopment of the generalization if you don't want to roll your own independent work.