Howdy, I've been reading about JAAS for a while now but I am overwhelmed with the information coming at me. I'm trying to do something that is non-standard and I am not sure where to start. I think it is simple but I don't really understand where to write custom code in the jaas infrastructure. I hope someone here can give me a pointer in the right direction.
What I have now is a working web application that does authentication based on client side certificates. Because I will move this application behind an SSL accelerator, the authentication scheme also needs to change. The accelerator will put the SSL Client Distuingished Name in a HTTP header so that applications behind the accelerator know who the user is. The code for this should be simple, look at a HTTP header and extract the JAAS Subject name from that. (Only set if the certificate matches) My problem is that I cannot find the right integration point in JBoss. Where would I implement such a scheme? Or is this something that typically is implemented in the Tomcat infrastructure? I did find things like SSLAuthenticator and BasicAuthenticator there but I was not sure whether that is actually used by JBoss. Thanks, S. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3936009#3936009 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3936009 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
