On May 24, 2007, at 9:24 AM, Joshua Phillips wrote:
I have created a custom security valve for my SSO requirements. It
successfully populates the JAAS subject and puts in into the
session. This
allows users to log in and have the correct roles. However, the user
principal of the HttpServiceRequest is never populated. So, for
example, the
Logout link is not displayed by header.vm, which checks for the
presence of
the user principal.
My question is, besides providing my own security valve, what do I
have to
do to ensure that the basic security mechanisms work as expected?
I've read
previous threads on the security valve which were quite helpful,
but didn't
address this issue.
In the custom security valves we have implemented in the past, we had
an external authentication system we were integrating with.
A servlet filter can be used to wrapper the HttpServletRequest's
principal
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
