Feature Requests item #751456, was opened at 2003-06-09 11:08 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=376688&aid=751456&group_id=22866
Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Brian Stansberry (bstansberry) Assigned to: Nobody/Anonymous (nobody) Summary: Let web tier set principal/cred on InvokerServlet invocation Initial Comment: To get access to secured resources through the InvokerServlet, the calling client basically needs to use the ClientLoginModule in order to have a Principal and credential bound to the invocation. At least w/ when using the Java plug-in, applets automatically pass back to the server any session cookies that were set when the applet was loaded. I'd like JBoss to include an option where any existing authentication info associated with the web session that loaded the applet can be associated with the invocation on the server side, instead of forcing an applet to include a separate client-side login. I've attachd a diff to InvokerServlet that allows this. It adds an init-param (defaulted to false for backwards compatibility) that controls whether this behavior is turned on. If it is, when an invocation comes in, a check is made if there is a Principal bound to the invocation. If yes, we know a client-side login was performed, so the invocation is just passed to the JMX bus. If not, any Principal and credential bound to the current thread by the web tier (via SecurityAssociation) is associated with the invocation before it is passed to the JMX bus. This allows the web tier authentication mechanisms to substitute for a ClientLoginModule in the applet. The diff also includes some potential changes to the http-invoker.sar jboss-service.xml and invoker.war web.xml to give users guidance on how to configure the service to allow this behavior. These changes are commented out configuration options. Best, Brian ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=376688&aid=751456&group_id=22866 ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
