Roby, anonymous wrote : | Why the web layer can't see credentials and principals (the security domain is the same)? |
Because you have not logged into a security domain (i.e. a JBoss SecurityManger.) By creating your own LoginContext, and calling login() yourself, you have by passed JBoss' security layer (i.e. container managed security.) Setting the SecurityAssociation.setSubject() is only valid for the thread that the login occured, and is not a recommended why to propagate authenticated subject. You will need to do customization to Tomcat's security system if you do not want to use Java Servlet spec. defined authentication methods. cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3953790#3953790 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3953790 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
