Thanks, Charlie. :-) If this is really a bug, I don't mean that integration of Tomcat4 + JAAS will solve the problem. The reason I plan to use JAAS w/ Tomcat4 is because currently, both JBoss and Tomcat3.x authenticate and authorize differently. While JBoss supports JAAS, Tomcat3.x uses RequestInterceptor(proprietary??) to authenticate and authorize user. If you want to customize the default authentication + authorization in Tomcat, you have to create a class extends BaseInterceptor. So you do have to create 2 login modules, one for JBoss and another for Tomcat3.x, which logically function the same thing. It would make sense for me that if I can reuse JAAS login module in Tomcat. Thanks, Apichat _____________________________ Apichat Banyatsupasil On Thu, 11 Jan 2001 10:20:26 Charlie Read wrote: >[Sorry to post this here. The bugzilla page appears to be down at >jboss.org.] > >As others have reported, authorization via the JAAS framework >appears to work fine. Authentication, however, only seems to >work for separate clients, and not for web-based clients (like >servlets) running with the embedded tomcat/jBoss configuration. > >Apichat Banyatsupasil [[EMAIL PROTECTED]] has hypothesized that >the problem may stem from jBoss' implicitly trusting method-invocations >originating out of the embedded-tomcat servlet runner. Can anyone >verify this? > >Apichat has also stated that JAAS is supported in Tomcat 4.0, >but does that imply a solution for this problem, even if Tomcat 4.0 >is embedded in jBoss? > >How easy is this to fix? What are the relevant files in the source >tree? > >Charlie > > > > >-- >-------------------------------------------------------------- >To subscribe: [EMAIL PROTECTED] >To unsubscribe: [EMAIL PROTECTED] >List Help?: [EMAIL PROTECTED] > Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html -- -------------------------------------------------------------- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] List Help?: [EMAIL PROTECTED]
