Re: Building authorization provider that gets roles from HTTP headers? - Weblogic
This is a discussion on Re: Building authorization provider that gets roles from HTTP headers? - Weblogic ; "David M. Karr" wrote in message
news:3f0b41ea$1@newsgroups.bea.com...
>
> I'm investigating how to build security providers that integrate WLS with
"perimeter
> authentication". I see it's pretty straightforward to implement the
identity
> assertion provider, but I'm not sure how ...
-
Re: Building authorization provider that gets roles from HTTP headers?
"David M. Karr" wrote in message
news:3f0b41ea$1@newsgroups.bea.com...
>
> I'm investigating how to build security providers that integrate WLS with
"perimeter
> authentication". I see it's pretty straightforward to implement the
identity
> assertion provider, but I'm not sure how the authorization provider would
work.
> My perimeter authentication mechanism will likely be providing the role
information
> in HTTP headers also. How would that work?
>
There is a context handler passed to the role mapper provider. It can get
access to the the
servlet request via the HttpServletRequest context name.
