anonymous wrote : Do I understand right that I need an implementation of Valve interface running as a valve on Tomcat and for every request that has not been authenticated yet, it should connect to JBoss, perform the authentication and populate local subkect with principals received remotely from JBoss?
No. You have to establish the caller identity that is going to be authenticated as part of the ejb call by the jboss server. See the JAAS Howto or chap 8 of the admin/devel guide for how security integrates. The ClientLoginModule referenced by bocio is the standard way to propagate the security identity to the jboss ejb transport layer. If you are not obtaining the security identity from tomcat then you don't need a Valve implementation. You can use a standard servlet filter. See the JaasLoginFilter in the JAAS Howto. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873933#3873933 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873933 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
