jacc

The question i'm about to ask is a bit tricky and I haven't found any answer yet. Maybe because i'm looking for the wrong thing. But i hope you will help me on this. I used the following tutorial to implement a custom SecurityContext that uses tokens instead of basic user/password authentication. Basically it initializes and injects a ResourceFilterFactory that will itself inject a ResourceFilter at every HTTP request sent to the application. This ResourceFilter searches for the "Authentication" header in the request, take its content and then authenticates the user. If the user is

I am writing a JACC provider. Along the way, this means implementing a PolicyConfiguration . The PolicyConfiguration is responsible for accepting configuration information from the application server, such as which permissions accrue to which roles. This is so that a Policy later on can make authorization decisions when handed information about the current user and what he's trying to do. However, it is not part of the PolicyConfiguration 's (atrocious) contract to maintain a mapping between roles and their permissions, and Principals that are assigned to those roles. Typically--always, really

I'm trying to obtain the HttpSession or Request in my Login Module. I already tried JACC, but it didn't work. I need this because I have to put a captcha in a login window. Maybe some JAAS ninja knows a better way to do that. I'm using kaptcha to do that. thanks in advance. Fábio Silva I do exactly that in my applications running on JBoss AS. Here's what I do to access the HttpServletRequest from within the login module: HttpServletRequest request = (HttpServletRequest) PolicyContext.getContext(HttpServletRequest.class.getName()); Then I get the session, extract the captcha and validate it