I'm in the process of tracing through the components utilized in the JBoss/Tomcat integration and I was hoping someone could validate my observations of JBossSecurityMgrRealm.
The documentation states that the class is both a Valve and Realm implementation for Catalina which makes sense based on the methods present and the class declaration.
As I read through, it looks as if only simple username/password authentication methods are supported. Is this correct?
Also, the method signature that attempts to authenticate based on a chain of X509Certificate objects has a puzzling implementation.
    public Principal authenticate(X509Certificate[] certs)
    {
        SimplePrincipal principal = null;
        Context securityCtx = getSecurityContext();
        if( securityCtx == null )
        {
            return null;
        }
        try
        {
            // Get the JBoss security manager from the ENC context
            EJBSecurityManager securityMgr = (EJBSecurityManager) securityCtx.lookup("securityMgr");
        }
        catch(NamingException e)
        {
            category.error("Error during authenticate", e);
        }
        return principal;
    }