Chris,
there is no real overhead in the existence of the valve and is necessary
(not just for identity propogation but also to associate the
SecurityAssociation info with the request thread).
TomcatDeployer.java :-
| /* Add security association valve after the authorization
| valves so that the authenticated user may be associated with the
| request thread/session.
| */
| SecurityAssociationValve valve = new
SecurityAssociationValve(metaData,
| config.getSecurityManagerService());
| valve.setSubjectAttributeName(config.getSubjectAttributeName());
| server.invoke(objectName, "addValve",
| new Object[]{valve},
| new String[]{"org.apache.catalina.Valve"});
|
Moral: This valve is a JBoss internal valve and should not be removed. :-)
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3938469#3938469
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3938469
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
