> -----Original Message-----
> From: Guy Katz [mailto:gkatz@(protected)]
> Sent: 18 May 2004 13:19
> To: J2EE-INTEREST@(protected)
> Subject: Re: JAAS Authentication using Servlet Filter.
>
>
> use JAASRealm to continue and use the app J2EE security
> model. use the filter if you want to take over security and
> manage it yourself (no 'real' getUserPrincipal, run as the
> same user inside the app server) my choice would be a custom realm.

If you run through the JAAS authentication in the container, why wouldn't
getUserPrincipal work?

You'd be constructing a callback handler, adding the username and password
and realm to the handler then using (possibly) the LoginContext to login()???

>
> regarding the j_security thing. this means you use container
> managed security and the j_security stuff will only be sent
> through your login form/dialog when a protected resource is
> accessed. invoking JAAS in the filter will happen just before
> the container tries to authenticate your user & pass so i
> cant see the benefit here.

I'm not going to use j_security_check, although I understand how to use it. I
want to implement custom security to work in the same way as
j_security_check...

Cheers,

Ben


********************************************************************

This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person
Thank you

Check us out at http://www.btsyntegra.com

********************************************************************

===========================================================================
To unsubscribe, send email to listserv@(protected)
of the message "signoff J2EE-INTEREST". For general help, send email to
listserv@(protected)".