This is actually spawning from a thread I started in JBossWS, but now it is more appropriate to be located in this forum.
(original: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=56550).
I still don't understand quite yet. I have three questions.
1. What documentation exists that explains how to write a custom security interceptor?
2. Can I use BASIC authentication with a custom security interceptor?
3. Finally, where do I find documentation on SecurityProxy?
I have checked the Wiki, there doesn't appear to be anything there on these. Also, I've read the very solid HOWTO documentation, linked from the Wiki, but that explicitly reads:
The security-proxy element identifies a custom security interceptor that allows per-request security checks outside the scope of the EJB declarative security model without embedding security logic into the EJB implementation. I won't go into detail about that JBoss-specific feature, as this article focuses on using JAAS to implement the standard declarative security model.
I would really like to find documentation on this feature, and it's availability with BASIC authentication.