We have different clients that require different authentication sources. For instance, our external clients user/pass are kept in a DB whereas our internal user/pass are kept in ActiveDirectory. I would like to extend the security layer of jboss to use the "client type" to decide which security store to authenticate against. I would also like this to be transparent to the client and do not want to deploy each service multiple times for each client type to use a different security scheme. Additionally all of the role and other security information that we use (privileges etc..) are always in the DB. So in a nutshell I would like to
1) perform authentication using a client-dependent "store" 2) retreive authorization from some other "store" What is the recommended approach to accomplish the above? I know that I can "piggy back" the "client type" parameter on the method invocation that can later be used in the security manager to "decide" where to look. Thanks, Chris View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3868283#3868283 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3868283 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
