Isn't cflogin already based on JAAS? The CF (or indeed JRun) implementation just happens to be botched?
Andy On 28/03/06, Douglas Knudsen <[EMAIL PROTECTED]> wrote: > I've been wondering why the CF team has not switched over to using > J2EE security. A rewrite of cflogin code that can use JAAS would be > just swell and allow integration with non CF J2EE products without > messing with web.xml files and such, eh? > > DK > > On 3/27/06, wolf2k5 <[EMAIL PROTECTED]> wrote: > > On 3/26/06, Adam Churvis <[EMAIL PROTECTED]> wrote: > > > It doesn't work that way. Since your CFLOGINUSER call is inside a > > > CFLOGIN call, that CFLOGIN call *won't* run when the second server sees > > > your authentication cookie because CFLOGIN only runs when you are *not* > > > authenticated. > > > > Actually, according to my testing (ColdFusion 6.1 with the Updater), > > when the second server sees the cflogin cookie, it will automatically > > run the cflogin/cfloginuser code and authenticate/authorize the user. > > > > Can anyone verify this with ColdFusion MX 7? > > > > Thanks. > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:236305 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
