Howdy,

I've been reading about JAAS for a while now but I am overwhelmed with the information coming at me. I'm trying to do something that is non-standard and I am not sure where to start. I think it is simple but I don't really understand where to write custom code in the jaas infrastructure. I hope someone here can give me a pointer in the right direction.

What I have now is a working web application that does authentication based on client side certificates. Because I will move this application behind an SSL accelerator, the authentication scheme also needs to change. The accelerator will put the SSL Client Distuingished Name in a HTTP header so that applications behind the accelerator know who the user is.

The code for this should be simple, look at a HTTP header and extract the JAAS Subject name from that. (Only set if the certificate matches)

My problem is that I cannot find the right integration point in JBoss. Where would I implement such a scheme?

Or is this something that typically is implemented in the Tomcat infrastructure? I did find things like SSLAuthenticator and BasicAuthenticator there but I was not sure whether that is actually used by JBoss.

Thanks,

S.