Hello, Our application using a custom authentication mechanism that uses an access control filter in conjunction with an EJB to check incomming requests for a valid session id that is encoded as a request parameter e.g ?sid=123445. As this security framework does not interact with JAAS or the container in any way I cannot use methods like getUserPrinciple() or isCallerInrole() in my EJBs or Servlets (No security context is created or propagated). This is a bit of a pain as I don't want to write custom code to get this information.
I would like to know if it is possible to extend our exsiting security framework to use JAAS, or is there a workaround I can use. For example after checking the users credentials and logging the user in using our security framework can I then inform the containers security manager? I have read through the FAQ and played around with JAAS creating a security domain and using the DatabaseLoginModule with form based authentication, but I can't see a way of integrating our security with JAAS. Cheers, Hoos <a href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825688#3825688";>View the original post</a> <a href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3825688>Reply to the post</a> ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
