Hey Gang, What Anil has started is correct. Extending an Authenticator can allow you to customize obtaining authentication data in Tomcat from a Request/Session. More problems pop up down the road however that make this almost impossible to do without modifing JBossSX extensively.
For example, your custom authenticator then needs to refer authentication/authorization (A/A) to a realm. Thus, the realm needs to be extended to account for additional authentication data. That said, the extended realm (which should extend org.jboss.web.tomcat.security.JBossSecurityMgrRealm) is just an interface to a security manager (usually the org.jboss.security.plugins.JAASSubjectSecurityManager) through the isValid(Principal principal, Object credential,Subject activeSubject) method call. So to include an addition authentication data item would require extending this class. I could go on about all the classes that would need to be changed to handle this, but I won't. I was hoping (even though I have not taken the time to investigate this for myself) that the work Anil has done to design/develop the next generation of JBossSX (http://jira.jboss.com/jira/browse/JBAS-2525) to implement JSR-196 would allow for such adaptablility. Please say this is so Anil? Back to the problem at hand... I would suggest doing one of two things. First try to combine your extra data into either the username or the password fields. Another less attractive approach would be to create a custom LoginModule with a ThreadLocal variable that could be set by cusom Authenticator. If you would like more detail, let me know. good luck and have a great day, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3942176#3942176 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3942176 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
