We have an application that must be run separately on two servers: the WebApp on Tomcat (4.1) and the J2EE App on JBoss. Each WebApp can access only the EJBs within a specific ear. In order to do this we are thinking of a way to "authenticate each webapp" in JBoss.
We are thinking of using JAASRealm as the entry point to the JAAS layer. When the webapp is first invoked, it will call the JBoss ClientLoginModule, which will pass the username and password to be authenticated in JBoss. There are 2 major problems with this solution: first, JAASRealm is meant to authenticate and authorize users (at least we think so...) and it isn't being used to do it, and second, the ClientLoginModule doesn't return the expected subject to JAASRealm. A solution would be to write a LoginModule for Tomcat that does exactly the same thing as ClientLoginModule and creates a subject for JAASRealm which will be considered a successful authorization (i.e., cheat on JAASRealm). Did anybody do this? Is this approach correct? Thanks!!
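
The wrapper module described in the post, as an added sketch that is not the poster's or JBoss's code: it delegates to `org.jboss.security.ClientLoginModule` and then adds a user and a role principal to the Subject. `WebappLoginModule`, `UserPrincipal`, `RolePrincipal` and the `role` option are hypothetical names, and the JBoss client classes are assumed to be on Tomcat's classpath. ClientLoginModule only binds the credentials to later EJB invocations and does not verify them, so this login succeeds for any password and JBoss rejects bad credentials only when the first secured EJB call is made.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example; class names and the "role" option are hypothetical.
public class WebappLoginModule implements LoginModule {
    abstract static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    public static class UserPrincipal extends Named { public UserPrincipal(String n) { super(n); } }
    public static class RolePrincipal extends Named { public RolePrincipal(String n) { super(n); } }

    // Binds name/password to later EJB calls; it does NOT check them against JBoss.
    private final LoginModule jboss = new org.jboss.security.ClientLoginModule();
    private Subject subject;
    private String user, role;
    private boolean ok;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s;
        role = (String) opts.get("role");   // assumed option in this module's JAAS config entry
        CallbackHandler capture = cbs -> {  // let the realm answer, remember the name it gave
            h.handle(cbs);
            for (Callback c : cbs) if (c instanceof NameCallback) user = ((NameCallback) c).getName();
        };
        jboss.initialize(s, capture, shared, opts);
    }
    public boolean login() throws LoginException {
        ok = jboss.login();
        if (ok && (user == null || role == null)) {
            ok = false;
            throw new LoginException("missing user name or 'role' option");
        }
        return ok;
    }
    public boolean commit() throws LoginException {
        if (!ok) return false;              // never add principals after a failed login
        jboss.commit();
        subject.getPrincipals().add(new UserPrincipal(user));
        subject.getPrincipals().add(new RolePrincipal(role));
        return true;
    }
    public boolean abort() throws LoginException { ok = false; return jboss.abort(); }
    public boolean logout() throws LoginException {
        subject.getPrincipals().removeIf(p -> p instanceof Named);
        return jboss.logout();
    }
}
```

JAASRealm recognises these principals only if the two class names are listed in its `userClassNames` and `roleClassNames` attributes.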