At my customer we have a legacy application that used to authenticate to JBoss 4.2.3 via the web container security module in web xml over form based authentication. In our EJBs we restrict the access to method using permissions.
Now we need to throw away the web based authentication and start using a CAS server (external).
When we disabled the security constrain in the web.xml we get error from EJBs (as expected) but we do not know how to inject the principals and workaround the authentication.
The questions are:
- Do we have somewhere a documented procedure/example to integrate CAS and JBoss (in the jboss site I found only stuff about JBoss portal which is irrelevant.
- Do we have an example on how we can inject principal in a programmatic manner