Hi all, we integrate two formerly independent systems - web application on Tomcat 5 and application logic on JBoss 4 (adding web-interface to allready existing business logic). Each of these systems use JAAS to determine access to web pages and to EJB methods. Both systems are deployed in different web/application archives on different servers over network and both use the same database to retrieve user/role information.
As I understand, the remote EJB's method invocation done from Tomcat will not be JAAS-authenticated for JBoss, even if the session is JAAS-authenticated on Tomcat. What we want is to authenticate the user once on the web-layer so that the privileges will be still valid for EJB which we call. Is there a common solution to this authorization issue? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873235#3873235 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873235 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
