ah ok- I understand your situation now.
Ok in this case you have no choice but to go the Tomcat Valve/Custom Authenticator route. This is the only place you can actually grab hold of the Tomcat Session and populate it with the Subject/Principals that will be propagated through to Portal. Basically you have to simulate what the container managed security is doing inside of your own code, and not use container managed security. The sample interaction would be something like: 1/ You have a Tomcat Valve that post-processes the request on your Authentication Servlet 2/ In this Post Processing, it will grab information populated by the Servlet and populate the Principal/Subject just the way the container does for Portal when using standard JAAS mechanism For a look at how this is done, look at the Authenticator source code of Tomcat and you will be very much enlightened ;) Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4071685#4071685 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4071685 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
