2 Replies Latest reply on Jun 23, 2004 3:29 AM by Ronaldo Nascimento

    [ Confirm my doubts ] JBoss does not need the JAAS Login con

    Ronaldo Nascimento Newbie

      Context:

      A webapp in Tomcat accessing session beans.
      The web and the EJB container are defined to be under the same security domain.

      Conclusion:

      In this environment, we don't need to specify a JAAS login configuration file e.g. auth.conf because the security interceptor will catch unauthenticated access to web assets and forward authentication to the JAAS. Correct ? Within JBoss, the login-config.xml in each server context serves as a replacement for the auth.conf file.

      Please correct me if there's anything wrong with my perception above.

      Regards,

      Roonaldo
      Euroo 2004