permaculture playing cards*
The moose likes Other Java Products and Servers and the fly likes Tivoli Access Manager WebSEAL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » Other Java Products and Servers
Bookmark "Tivoli Access Manager WebSEAL" Watch "Tivoli Access Manager WebSEAL" New topic
Author

Tivoli Access Manager WebSEAL

Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I'm investigating securing an application deployed on JBoss using TAM with WebSEAL and am currently getting an authorization problem. It looks like the WebSEAL junction is correctly authenticating access to the web application, however the principal passed to the EJB container has no roles. Examining pdamin I can see my user exists, and is in a group.

TAM seems to rely on the JBoss ClientLoginModule and a custom valve to propagate the principal to the EJB container. Does anyone know if WebSEAL can propagate roles with a principal to an application server that is not WebSphere? Do I need to enable JACC to have JBoss query for roles itself? My understanding of JEE suggests I shouldn't have to do this, but nothing I change seems to influence the roles on the principal.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
 
Consider Paul's rocket mass heater.
 
subject: Tivoli Access Manager WebSEAL
 
Similar Threads
Doubt regarding configuring Authentication System for JEE application (Web + EJB)
Custom and generic JAAS module
java thin client login in Websphere
Unauthenticatedidentity previliges - JBoss security
Should Swing application connect to Web application or directly to EJB tier?