Hi Peter, may be you're comfortable with http://download.oracle.com/javase/6/docs/technotes/guides/security/jaas/JAASRefGuide.htmlfor at least an introduction into JAAS. Any further comments will be hopefully given by the Jetty masters over here.
Regards, Andreas 2010/11/25 Major Péter <[email protected]> > Hi, > > I'm trying to integrate Jetty with an SSO solution, and I'm a bit puzzled > with this new JAAS API... > The most disturbing class is UserIdentity, it contains references to > Subject and Principal, but I feel like these three classes represents the > same thing. There most be some difference, but I have no idea what that is, > and the JavaDoc well doesn't really help at all. > > What I would like to do is have an application with a filter in front of > it. If the filter thinks the user is not authenticated, it redirects to the > SSO system, then when it's back it programmatically logs into the Jetty > realm, so getremoteuser, getuserprincipal and isuserinrole all works from > the application. What I've currently done is I've created an own > JAASLoginService class, with an own IdentityService and UserIdentity (I need > to override UserIdentity to have my own isUserInRole, and IdentityService, > because that's the one that creates the UserIdentity), but I have no idea > what to do next. > I think JAASLoginService is a realm in the JAAS terminology, and when I > overrode the login method, that way I don't need to implement an own > loginmodule, but now I don't know how to programmatically log the user into > this realm. > Any hints/tips about this? > > //I'm using Jetty v7.2.0 > > Thanks for your help > > Regards, > Peter > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
