I've been working with seam and jboss for about a year and we're close to deployment. I have one major hurdle to cross before I'm satisfied however. It relates to enterprise security.
I have an enterprise grid based system where certain applications use JGroups, Seam, JBossAS and and others use Embedded JBoss + Seam + JGroups. All systems can authenticate against Microsoft's Active Directory.
In an enterprise there can be hundreds of my services running. All of this so far is working very nicely thanks to you guys.
However, I want to be able to authenticate to JBossAS and run code on other hosts based on the original logged in user. Its not authentication I'm worried about, its authorization. The authorization I'm looking for is File based.
For example, user authenticates on JBossAS against AD as a generic User/Power User/Admin etc agains AD. User runs a query and a result set is returned. The results come not from a database query but an enterprise query against my grid. User clicks on a result link in web browser where that will spawn a possible http/jndi request to access a file on a different machine.
I only want to allow access to that link if the user has sufficient privilege to the file on the remote host.
Does anyone know of a "simple" way of doing this? How do I pass the identity to my grid based services, all of which speak EJB and Seam.
I hope this makes sense to others.
Thanks so much in advance.