0 Replies Latest reply on Feb 24, 2005 6:28 AM by jieshengz

    Where is SecurityAssociationValve configured?


      I tried to figure out how container-managed security is handled when Tomcat is running inside JBoss.
      1. I found the source code for SecurityAssociationValve. However, I did not see anywhere that this valve is configured in server.xml, and it is clearly used in JBossSecurityMgrRealm:

      Principal caller = (Principal) SecurityAssociationValve.userPrincipal.get();
      if (caller == null && username == null && credentials == null)
          return null;

      Can anyone tell me where this caller data in the SecurityAssociationValve is set?

      2. Does Tomcat have some internal valve, such as the security check valve? Is this valve called before my custom valve, such as FormAuthValve? Where is the valve sequence specified?