Maciek wrote:
>
> From what you have written it follows that it is possible using
> WebAuthentication(Filter) in JBoss and actually it should be working now,
> as I use the classes you mention, on the other hand it turns out that the
> web layer gives me 403 immediately (probably due to lack of login-config,
> as we agreed) prevents filters from kicking in.

I hope that you don't mind if I end the topic with a small summary.

It turns out that probably my initial guess was true: if I enter a protected URL as an anonymous user the web container gives me 403 immediately, because it cannot satisfy the requirements (there's no login-config in web.xml). But when I log in first via WebAuthentication+CasLoginModule and THEN attempt to enter a protected URL, the privileges are already propagated and everything works as desired (both EJBs and web layer protected via JAAS).

So, for those who would experience the same problem in future, a small workaround would be to hide the links to protected URLs for anonymous users, so they have to click "login" first. Additionally, a custom 403 page saying "if you haven't logged in please log in (link here)".

A truly satisfying solution would be to somehow execute a filter (before the security check!) checking the requirements for the page to be visited, the CAS assertion and optionally redirecting.

After solving the SSL issues the ticket validation worked out like a charm.

Again, thanks for your help, excellent project. End of topic ;).

--
View this message in context: http://jasig.275507.n4.nabble.com/Problems-with-CAS-ifying-a-JEE-application-using-JAAS-tp3044438p3053835.html
Sent from the CAS Users mailing list archive at Nabble.com.
