We have an existing J2EE-based application where the authentication mechanism was Apache. Now we would like to incorporate security into our applications using JBossSX. We want role-based declarative authentication. The user ID and password will be stored in Active Directory and the role information will be inside OpenLDAP. Note: for now we want only protection or restriction of URLs.
Q1: Let's say we have authenticated the user against Active Directory and a subject is created with the user's credentials. Now if the user visits a second time, will the authentication happen again?
Can the container read roles from the user's Subject and validate them against the roles defined for the restricted URL without executing the login module? Let me know the best approach.
Q2: Any concerns in using Active Directory for user name and password and using OpenLDAP for role information?
Q3: Also, I want communication between JBossSX and Active Directory to be SSL-based. Any input?
Thanks in Advance.
I would really appreciate it if someone could share their experience.