Probably the easiest way would be to subclass the SingleSignOn
Valve and use the session-based cache to obtain the authentication
information.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message ----- 
From: "Luke Taylor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 6:48 PM
Subject: Re: [JBoss-dev] Security problem in authentication model.


> Scott M Stark wrote:
> > This is why the Catalina security integration implements both
> > the Realm and Valve interfaces. The Realm callbacks establish
> > the authentication and the Valve limits the scope of the information
> > to the duration of the request. The thread of control returns to
> > the Catalina pool with no thread local association. The Tomcat 3.2
> > security integration does the same thing, but it is a lot more
> > work because the integration interface is not as clean.
> > 
> 
> Scott,
> 
> Talking of Catalina security - there have been quite a few posts in the 
> forums about how to use Catalina security with standalone JBoss, as is 
> possible in Tomcat 3.2. There doesn't seem to be an obvious way of 
> getting hold of the current security information (username/password) 
> from a Valve in order to set up the security association with JBoss. I'm 
> not even sure if it's possible at all, as it seems likely that the 
> Catalina authenticators will junk the password once the user's been 
> authenticated, and it won't be available to subsequent requests. Do you 
> have any ideas from your work on the integrated security?
> 
> Luke.
> 
> -- 
>   Luke Taylor.                                  Monkey Machine Ltd.
>   PGP Key ID: 0x57E9523C                        http://www.mkeym.com



_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
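
The request-scoping point in the quoted message (the Valve limits the security information to the duration of the request, so the pooled thread goes back with no thread-local association), as an added Java example that is not code from JBoss, Catalina or either poster. All class and method names are hypothetical, and a plain ThreadLocal stands in for the per-thread security association.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Supplier;

// Hypothetical model, not the Catalina Valve API: one pooled worker thread
// serves requests in turn; the ThreadLocal stands in for the per-thread
// security association.
public class RequestScopedAssociation {
    private static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();

    // Unscoped: the association is set for the request and never cleared.
    static String handleUnscoped(String user, Supplier<String> app) {
        if (user != null) PRINCIPAL.set(user);
        return app.get();
    }

    // Scoped, as the message describes the Valve: the association lives only
    // for the request and is removed before the thread returns to the pool.
    static String handleScoped(String user, Supplier<String> app) {
        try {
            if (user != null) PRINCIPAL.set(user);
            return app.get();
        } finally {
            PRINCIPAL.remove();
        }
    }

    public static void main(String[] args) throws Exception {
        // The "application" just reports which principal the thread carries.
        Supplier<String> whoAmI = () -> String.valueOf(PRINCIPAL.get());
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            // Constructed requests: "alice" authenticates, then an anonymous
            // request is served by the same pooled thread.
            pool.submit(() -> handleUnscoped("alice", whoAmI)).get();
            String leaked = pool.submit(() -> handleUnscoped(null, whoAmI)).get();
            pool.submit(() -> PRINCIPAL.remove()).get(); // reset between the two runs
            pool.submit(() -> handleScoped("alice", whoAmI)).get();
            String clean = pool.submit(() -> handleScoped(null, whoAmI)).get();
            System.out.println("unscoped, anonymous request sees: " + leaked);
            System.out.println("scoped, anonymous request sees:   " + clean);
        } finally {
            pool.shutdown();
        }
    }
}
```

With the unscoped handler the anonymous request inherits the previous caller's association from the reused thread; clearing it in `finally` is what keeps the association bounded to one request even when the application code throws.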
