1 Reply Latest reply on Nov 23, 2004 3:20 PM by Scott Stark

    Custom handling with BASIC authentication

    cglommen Newbie

      This is actually spawning from a thread I started in JBossWS, but now it is more appropriate to be located in this forum.
      (original: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=56550).

      I still don't understand quite yet. I have three questions.

      1. What documentation exists that explains how to write a custom security interceptor?
      2. Can I use BASIC authentication with a custom security interceptor?
      3. Finally, where do I find documentation on SecurityProxy?

      I have checked the Wiki, there doesn't appear to be anything there on these. Also, I've read the very solid HOWTO documentation, linked from the Wiki, but that explicitly reads:

      The security-proxy element identifies a custom security interceptor that allows per-request security checks outside the scope of the EJB declarative security model without embedding security logic into the EJB implementation. I won't go into detail about that JBoss-specific feature, as this article focuses on using JAAS to implement the standard declarative security model.

      I would really like to find documentation on this feature, and it's availability with BASIC authentication.

        • 1. Re: Custom handling with BASIC authentication
          Scott Stark Master

          1+3 discussed in the online admin devel guide.

          2 is not revelevant. The web tier authentication is handled by the web container and after that is propagated as a principal and credential that the security domain associated with the ejb will have to validate. The type of authentication on the web tier does not affect an ejb security interceptor.