Mark Benussi wrote:
Hi Edmund.
I am sorry but I don't know much about SSO.
However I can tell you about JAAS in Tomcat. In 5 certainly there are
issues. Essentially when you call the LoginModule to invoke your JAAS config
it works but it does not authenticate the proper session Subject. What you
end up doing (Or what I did) was place a request filter in the app that
wraps the request with an overridden RequestWrapper and you write your own
inUserInRole against the Subject that the LoginModule returns (By placing it
in the session)
If you want some code, taken from Wendy Smoak and others I can provide.
thanks.
I'm currently considering to write my own login module in order to share
authentication data across login contexts. i would need to access
session cookies from the module and i'm not sure how/if this can be done
yet.
i've never written a requestwrapper myself, so i can't really tell how
hard/complicated that would be. i'd be glad, if you could provide me
with some code to look at. that could certainly help me decide on how to
go on about that SSO requirement.
Edmund
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
