Issue

• Is there any way to get JBoss to trust the REMOTE_USER HTTP header (passed from the web server) as authentication?
• When Oracle Access Manager(OAM) is used as for authenticating a user with WebGate on Apache and when WebGate send the authenticated user in HTTP header , is there any way to get JBoss to trust the REMOTE_USER HTTP header (passed from the web server) as authentication?
• When the application tries to fetch the authenticated user name by using request.getRemoteUser () / request.getUserPrincipal().getName(), the application receives NULL.
• Porting Web Application with third party authentication from EAP 5.1 GA to EAP 6.4GA. We are attempted to port an web application written for us sometime ago by a third party. It currently runs on JBoss 5.1 GA and we are seeking to move it to JBoss 6.4 EAP. From a functional point of view the system simply needs to check for the presence of a token in http request headers and if it is missing/invalid redirects to a corporate sign on server for the user to login. Requests to our JBoss application server with the token present are passed straight to our JBoss hosted web application. This leaves us with many questions and problems around the set up in standalone_full.xml, web.xml, jboss_web.xml, etc. Rather than bombard you with individual questions can I first ask if you can point us at better documentation / example code on how to do this or provide us with an outline we can debate?