Hello, I'm researching JBoss Portal for a few projects. After browsing through the documentation, I have a few questions about JAAS and SSO. If someone has a few minutes to either go into detail on a few points or direct me to some further documentation, I'd greatly appreciate it.
As I understand the software (from the reference documentation), the permissions are mapped to roles in the jboss-portlet.xml. These roles are defined in the database and managed via the roles portlet. Obtaining authorization for a permission is done by a call to JBossRenderRequest or JBossActionRequest's hasPermission(permission) method. Are there methods to obtain the Principal or the Subject? For instance, I will need to somehow authenticate and authorize the user in my service layer which will most likely be a remote or local EJB sesssion facade. What would be considered the best practice for accomplishing this under your famework/API? Also, are there any modules written for obtaining authentication/authorization against other user stores (LDAP, etc.) or is this left to the developer to implement via some custom LoginModule or other means? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3878918#3878918 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3878918 ------------------------------------------------------- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
