2 Replies Latest reply on Jun 23, 2004 3:29 AM by Ronaldo Nascimento

    [ Confirm my doubts ] JBoss does not need the JAAS Login con

    Ronaldo Nascimento Newbie


      A webapp in Tomcat accessing session beans.
      The web and the EJB container are defined to be under the same security domain.


      In this environment, we don't need to specify a JAAS login configuration file e.g. auth.conf because the security interceptor will catch unauthenticated access to web assets and forward authentication to the JAAS. Correct ? Within JBoss, the login-config.xml in each server context serves as a replacement for the auth.conf file.

      Please correct me if there's anything wrong with my perception above.


      Euroo 2004