Jeetspeed will use JAAS to authenticate an user. My problem is, that I will get the remote user in the httpheader from an apache plugin. The user is authenticated allready. Now I want to set or create the user depends on the remote user. Where is the best integration point? SecurityValve? A new CallBackHandler to set the user and my own LoginModule will set and create the user? I see there is an unused PassiveCallbackHandler in the package org.apache.jetspeed.security.impl, but how do i get the remote user? I have no scop to a HttpServletRequest, but in the article "All that JASS": By creating a CallbackHandler with an HttpServletRequest argument, you can authenticate using additional information from the request, including the client's IP address. How do I can implement a CallbackHandler with an HttpServletRequest argument in the jetspeed environment.
Many thanks to every hint! :-) Michael
