I am wanting to use this JSR to integrate Glassfish with IBM Tivoli Access Manager WebSEAL. WebSEAL provides Authentication information in the header of the HttpServletRequest.
So what I've done is create a class that implements the ClientAuthModule. I've installed in into Glassfish and created a httpservlet message security provider with it. The problem is that I get a 500 server error if I try and use it to secure the request.
Now, if I change the interface to be the ServerAuthModule, then I can see it properly calling the provider. But this does me no good because I need to secure the request, not the response.
I'm looking for help to determine how I can find out what the 500 error is, as there is nothing in the server log for the domain. I'm also looking for assistance to determine if I am using this API correctly.
What I want to do is populate the Subject with information from the header that is provided by WebSEAL. Then have these Principals be used within J2EE security (ie. web.xml security constraints).
Thanks
[Message sent by forum member 'athrawn17' (athrawn17)]
http://forums.java.net/jive/thread.jspa?messageID=258211