0 Replies Latest reply on Jun 26, 2008 5:54 AM by rossog

    mod_ldap and jboss

    rossog

      Hi everybody, sorry for doing silly question, but i couldn't find an answer.
      I'm trying to migrate from jrun to jboss a bunch of applications.
      In jrun we use apache httpd and mod_auth_ldap to authenticate users against Active Directory.
      User profiling is done in the business logic of the webapp, simply calling request.getAuthType and request.getRemoteUser.
      I read in SecurityFAQ this is not possible in jboss; in fact, http headers contain neither user nor auth info, on jboss side.
      I tryed to (and made it work) enable security constraints and application policies; de facto, mod_ldap passes info to jboss, which processes everiting and authorize my servlets.
      But still no info on remoteUser.
      Is there a (programmatic or not) way to make request info available in jboss?
      Thanks