Hello,

I have a filter that checks every request for a valid session id (sent as a request parameter, e.g. sid=123) using an EJB to do the database lookup. If the session id is invalid then the user is redirected to a login page.

This setup works fine over multiple webapps using the same database. The disadvantage is that there is no interaction between my authentication mechanism and the container security, so I cannot use methods like getUserPrincipal or isUserInRole in my servlets or EJBs. If I understand this problem correctly, my authenticated users simply do not have a security context, as I have bypassed the container security.

I have read the JAAS how-to and I was wondering if it is possible for my filter or EJB to create a security context, possibly by logging the user in using JAAS, instead of directly doing an SQL query. Will this approach work over multiple webapps?

Can anyone point me in the right direction? Some sample code would be nice. I have seen a few pointers on this in the forum but it's all a bit confusing still.

Hoos

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3834309#3834309
