Darran Lofthouse [http://community.jboss.org/people/darran.lofthouse%40jboss.com] replied to the discussion
"JBWS-2210 : CXF Username Token JAAS integration" To view the discussion, visit: http://community.jboss.org/message/536531#536531 -------------------------------------------------------------- > I see. Perhaps in some cases no authorization will be required, so just > dropping an authorization interceptor will satisfy such requirements. Yes this is where I think your two interceptor approach will help as it gives you the option of dropping the authorization one when not required. > Sure. I saw the following code line in the JBoss Native : > > securityAdaptor.pushSubjectContext(subject, principal, credential); > > this is probably to do with what you explained above. Yes that line is where we push the subject onto the ThreadLocal for the request so it is ready for further checks for subsequent calls. Following the existing code will probably help you get something up and running but do keep in mind that it was written at a time the WS stack needed to support JBoss AS 4, 5 and 6 so a final switch to the APIs recommended by Anil would be required at some point. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/536531#536531] Start a new discussion in JBoss Web Services Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2047]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
