"So in your case I would recommend using a Tomcat Valve to process your authentication and set up the Subjects the way JAAS does it inside Tomcat. "
Is this my ONLY option? I am not familiar with either how Tomcat valves work, or how subjects are set inside Tomcat, so it might be a little painful to get this done in a day or so :( "btw- why can't you re-use JBoss Portal's JAAS mechanism and just plug in your own LoginModule for your application specific authentication logic? " Could you elaborate on this? I've implemented a number of custom login modules that are stacked. I was able to authenticate the users against this security realm SO LONG as I used container managed authentication and j_security_check. Everything worked fine. But, I need to move away from that and explicitly initialize the LoginContext (using the same security realm) due to some other reason and that is where things are not working. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071404#4071404 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4071404 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
