I tried to figure out how the container-managed security is handled when the tomcat is running inside the jboss. 1. I found the source code for SecurityAssociationValve. However, I did not see any where this valve is configured in the server.xml and it is clearly used in JBossSecurityMgrRealm
| Principal caller = (Principal) SecurityAssociationValve.userPrincipal.get(); | if (caller == null && username == null && credentials == null) | return null; Can anyone tell me where this caller data in the SecurityAssociationValve is set? 2. The tomcat has some internal value such as the security check valve? Is this valve called before my custom valve such as FormAuthValve? Where is the valve sequence is specified? Thanks View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3867729#3867729 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3867729 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list JBoss-Development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-development