"[EMAIL PROTECTED]" wrote : to integrate with the JAAS security realm, your best bet/cleanest solution would be to write your own Tomcat Authenticator (which is actually a form of Tomcat Valve) | | Authenticators are actually pretty simple in tomcat and best source of "How To" is the tomcat source code and see how the existing Authenticators like Form, basic, etc are written. | | You should be able to write your own looking at that. | | | On the otherhand, I don't know what your authentication requirements are but most of the times LoginModules are able to create application state just fine. You have access to the HttpServletRequest, HttpServletResponse, and HttpSession inside your LoginModule, so what other objects do you need to populate/setup the proper LoginContext for your application? | | Thanks
Thanks Sohil. Yes, I do have access to the objects I need and this is what I do - * I have a servlet implemented that uses the LoginContext and invokes my security realm. It passes through the various login modules and authentication succeeds. However, JBoss Portal throws an authorization exception as the principals were never set. * If I kept everything else the same but just removed the servlet I added and used container managed authentication by using j_security_check, everything works fine and the principals are set. * The only thing to note here (just in case) is that the JAR file that contains the login module code is added as a shared library in JBoss and is used by multiple applications but I don't suppose this is causing any issues as the other application that uses the same security realm works just fine with the same set of changes. It is only JBoss Portal that complains.. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071619#4071619 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4071619 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
