Out corporation has User Management (UM) application to manage users and roles for all company applications. There is no self-registration in single applications.
Out application platform is IBM WebSphere 6.1 (WAS). We have implementation of custom user registry (external JACC authorization provider), which negotiates container managed authentication/authorization. Our applications transparently use FORM-based authentication and users are checked against UM. This approach ensures the Subject of logged in user contains LTPA token in its private credentials. It means I can call EJB deployed in different WAS instance and this call is trusted. So thera two + one reasons: - all applications use same user registry - LTPA token + form-based auth is "recommended" solution of out company -lk View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4095932#4095932 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4095932 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
