Thanks for your help so far, Shane. No....My users are authenticating against a web application on a different server developed by a different group...so I've got to forward them to a login page that isn't in my Seam app.
This is the simplified sequence of events: 1) an unauthenticated user tried to access my seam app. 2) my app(via my JAAS Handler) looks for a "secure" cookie for the domain. It doesn't see it. So, it forwards them on to http://authenticate.institution.edu where they are presented with a form and authenticate to that app. That app then sets the domain-wide cookie and then forwards them back to my seam app. 3) my app sees the cookie and from the cookie knows who they are and they are then authenticated. Then they are then assigned roles(assigning roles is trivial and is not something I'm having trouble with) and they use my seam app. 4) After authentication, for every request I check(through a WS) and make sure the cookie is still valid. I do believe(because I'm not at work and don't have my app in front of me) the NotLoggedInException is thrown from Pages.redirectToLoginView() if the login view isn't set. Why didn't I set my login view? Because I don't want to redirect to a view in my app-I wanna force the JAAS Handler I wrote to run instead of redirect them. My JAAS Handler will force a redirect if necessary. Instead of forwarding to a view from the exception handler in pages.xml, is there any way I can force the authentication stuff to happen? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069888#4069888 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069888 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
