Hey all! I finally got the hang of the JAAS Login Modules, and can create my own login modules against Active Directory.
Now, I'm struggling with where to create the "current user" object in the session? I'm using EJB3 beans, and I have a User Entity Bean that I want to create when the user logs in, and either store in the HTTP Session, or keep it in a Stateful Session Bean. Unfortunately, I'm not sure "where" to create this object? The JAAS modules do not have anything to do with the web sessions, and the authentication method hands off to Tomcat via j_security_check. So, I can't build the object that way. I can probably do it in a filter, but I only want the creation to be AFTER just the authentication, not on every request, as I have pages that do not need authentication. What's the general practice for creating a "currentUser" object to place in the session, while still maintaining container-managed security? Thanks everyone! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3911949#3911949 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3911949 ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
