1. I don't need declarative security, because our application is ajax based
2. I need JAAS, because I'd like to use it with ejb
3. The only option I see (setting aside some perverse methods including
servlets, redirects and j_security_check) is to do login stuff manually.
So, now I'm struggling to implement a method:
void authenticateUser(HttpServletRequest, long userId, String role)
that should bind current user session to some principle with given userId and
role. User and password are already tested against DB and authorized. Now I
need JAAS to know about this.
As far as I understand, I cannot use stuff like this in a servlet
| LoginContext lc = null;
| lc = new LoginContext("Sample", new MyCallbackHandler());
| lc.login();
Can some one help me?
PS there is a lot of legacy code, so I really cannot use FORM base
authentication as my primary method of authentication
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3966917#3966917
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3966917
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
