Hello Team, we have an existing J2EE-based application where the authentication mechanism was Apache. Now we would like to incorporate security into our applications using JBossSX. We want role-based declarative authentication. The user ID and password will be stored in Active Directory, and the role information will be in OpenLDAP. Note: for now we want protection or restriction of URLs only, not EJBs.

Q1: Let's say we have authenticated a user against Active Directory and a Subject is created with the user's credentials. Now, if the user visits a second time, will the authentication happen again? Can the container read roles from the user's Subject and validate them against the roles defined for the restricted URL without executing the login module? Let me know the best approach. Do I need to write a ClientLoginModule even though I am doing web URL restriction?

Q2: I am using Active Directory for user name and password authentication and OpenLDAP for reading role information, so do I need to write two LoginModules, or can I integrate them? Also, which LoginModule will be best for this action? I am considering UsernamePasswordLoginModule.

Thanks in advance.

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878772#3878772
