From: Scott M S. <sco...@at...> - 2003-03-12 14:34:37
The SecurityAssociation is the mechanism by which foreign security contexts like web containers propagate the current caller security context into the JBoss layers. The callout to the realm is a Tomcat-specific thing performed when the web container needs to validate access to secured content. As far as I know, a realm cannot be used to propagate a session across secured contexts, and this is why the single sign-on behavior is implemented as a valve. You still have to establish the caller's security context via the SecurityAssociation in order to have the web application security context propagate to other JBoss components.

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

----- Original Message -----
From: <Phi...@en...>
To: <jbo...@li...>
Sent: Wednesday, March 12, 2003 4:38 AM
Subject: [JBoss-dev] Re: Question about SecurityAssociation

> Hi Scott,
>
> I am deeply grateful for your fast support and I am confident that our
> project (new internet-portal of "Gruppe Deutsche-Boerse"
> http://deutsche-boerse.com) becomes
> a full success, not least by the use of JBoss.
>
> Well, I guess that I don't understand the background of the JBossSX yet. The
> piece of code I wrote in my last mail was a part of the class
> "org.jboss.web.catalina.EmbeddedCatalinaService41",
> so it's the same way as in the CatalinaService, if this is configured with a
> Security-Realm and accomplishes a "form-based" or "basic" authentication. Or do
> I err?
> If I am right, you mean that using "SecurityAssociation.set..." only associates
> a Subject or Principal with the current Thread? Do I have to implement a custom
> cache/pool to push a logged in user with his current http-session in a
> "security-context" to avoid re-authentication, when asking for a secured service
> (i.e. ejb), or does JBoss provide such functionalities?
>
> thanks a lot
> Philipp
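
The per-request propagation discussed in this thread, as an added illustration that is not part of either message and is not JBoss code. It assumes the caller association is stored per thread; `DemoAssociation`, `SESSIONS`, `securedCall` and `handle` are hypothetical stand-ins for the SecurityAssociation, the valve's session lookup, a secured component and the valve itself.

```java
import java.security.Principal;
import java.util.concurrent.*;

// Hypothetical stand-in for a per-thread caller association (assumption);
// this is NOT org.jboss.security.SecurityAssociation.
final class DemoAssociation {
    private static final ThreadLocal<Principal> CALLER = new ThreadLocal<>();
    static void setPrincipal(Principal p) { CALLER.set(p); }
    static Principal getPrincipal() { return CALLER.get(); }
    static void clear() { CALLER.remove(); }
}

public class PropagationDemo {
    // Hypothetical store of authenticated sessions that a valve-like component consults.
    static final ConcurrentMap<String, Principal> SESSIONS = new ConcurrentHashMap<>();

    // Stand-in for a secured component (for example an EJB) that relies on
    // whatever caller is associated with the current thread.
    static String securedCall() {
        Principal p = DemoAssociation.getPrincipal();
        if (p == null) throw new SecurityException("no caller established on this thread");
        return "hello " + p.getName();
    }

    // Valve-like wrapper: establish the caller for this request only.
    static String handle(String sessionId) {
        Principal p = SESSIONS.get(sessionId);
        try {
            if (p != null) DemoAssociation.setPrincipal(p);
            return securedCall();
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        } finally {
            // Worker threads are pooled: without this, the next request served by
            // the same thread would inherit the previous caller's identity.
            DemoAssociation.clear();
        }
    }

    public static void main(String[] args) throws Exception {
        SESSIONS.put("s1", () -> "philipp"); // constructed sample session
        ExecutorService pool = Executors.newFixedThreadPool(1); // one worker, reused
        System.out.println(pool.submit(() -> handle("s1")).get());
        System.out.println(pool.submit(() -> handle("unknown")).get());
        pool.shutdown();
    }
}
```

The second request runs on the same worker thread as the first and is denied, because the association is re-established from the session on every request and cleared afterwards rather than left on the thread.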