Mark Benussi wrote:

Hi Edmund.

I am sorry but I don't know much about SSO.

However I can tell you about JAAS in Tomcat. In 5 certainly there are
issues. Essentially when you call the LoginModule to invoke your JAAS config
it works but it does not authenticate the proper session Subject. What you
end up doing (Or what I did) was place a request filter in the app that
wraps the request with an overridden RequestWrapper and you write your own
inUserInRole against the Subject that the LoginModule returns (By placing it
in the session)

If you want some code, taken from Wendy Smoak and others I can provide.


I'm currently considering to write my own login module in order to share authentication data across login contexts. i would need to access session cookies from the module and i'm not sure how/if this can be done yet.

i've never written a requestwrapper myself, so i can't really tell how hard/complicated that would be. i'd be glad, if you could provide me with some code to look at. that could certainly help me decide on how to go on about that SSO requirement.


To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to