Hi!
Can someone explain how tomcat handles authentication.
My problem is, that i must access secure EJB's from my web application,
and everything work fine, if i use tomcat's basic or form
authentication, but the problem is that i cannot show login page (basic
or form), and i will use static principal & credential.
(username/password).
I have make security filter, which login to loginmodule
(org.jboss.security.ClientLoginModule) in filter, and login seems to
success.
i put subject to session, and i use it in my code:
Subject s = (Subject)
getHttpServletRequest().getSession().getAttribute("subject");
System.out.println("Delegate.test() subject: " + s);
s.doAs(null, new PrivilegedAction() {
public Object run() {
try {
DocumentControllerHomeLocal home =
((DocumentControllerHomeLocal)getRunData().getBean("documentControllerHomeLocal"));
DocumentControllerLocal local = home.create();
getEjbLocalObject(local);
setEjbLocalObject(((DocumentControllerHomeLocal)
getBean("testLocalHome")).create());
}
catch(Throwable t) {
t.printStackTrace();
}
return null;
}
});
That system.out show's me that correct principal / credential is
associated with subject, so login in success when i get home object. (by
springframework JndiAccess) but it just wont work!
authentication data is not marshalled with (home.create()) RMI call, no
matter what i try.
I have tried to search what tomcat do in different way in basic
authentication, but i am very busy, and i have no time to read all
authentication code.. so i will be very happy every help.
btw. i use jboss..
Thnx already, Artsi
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
