I have a web application running on JBOSS that is configured to use container-based authentication. The authentication is done by a custom LoginModule that is based on JBOSS Negotiate.
So all requests that arrive at my application have a Principal set in the HttpServletRequest. I can use this principal (and the subjects contained in it) to access backend servers.
But I now need to call a web service that is deployed on the same JBOSS and pass this Principal / Subject to that web service so that this web service in turn is able to contact the backend systems. I need some way to serialize my Subject so I can pass it as a token in the ws-security header, and the web service needs to be able to recreate the Subject from that token.
Can I use Picketlink for this task?
Can anyone point me to a sample application or the documentation about this?
Thanks!
Since the WS is deployed on the same JBoss instance, when you invoke the WS, I thought the security context would be propagated to the WS.