Hi ,
First of all let me say that I don't know Java,but I need to undestand the process of Jboss-Ldap integration.
Above what I think is the right process.
- The user login fron the browser with the servlet j_security_check (userid e pwd)
- The data are passed to jaas
- Jaas read what security-domain to apply from the file jboss-web.xml
- The file login-config.xml contain the module-login to use (in my case LdapExtend)
and the userid & password are compared with the data inside the ldap server.
If the verification is OK then the user can access to the requested resource if not the user cannot access to the resouce.
Are these the right steps?
Somewhere I read about the web.xml configuration with the type of authentication (BASIC,FORM,DIGEST,CLIENT-CERT).
I don't understand why configure this type of configuration if I already did in step 1
Somebody can explain in simple words?
Thank you
