These are two different things. The layer than handles the j_security_check in response to an attempt to access secured content is the web container. The web containers have interfaces defining how a security provider plugsin to provide authentication and authorization. This is the layer that handles JAAS and is provided by JBoss for Jetty and Tomcat.
-- xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx
Craig Berry wrote:
Interesting, thanks. I suppose that I could take apart the source for whatever class implements j_security_check and try to mimic that, since it demonstrably does the trick. What class is that? The j_security_check mapping seems to happen "magically", as I can't find any mention of it in the various deployment descriptor files -- which is perhaps not surprising, given how the servlet spec describes it.
So, again, it sounds like my best bet is to glean ideas from whatever class implements the LoginContext -> session connection in j_security_check processing. A pointer would be most welcome. And thanks again for your assistance with this.
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
