nope and nope. I've setup JAAS in JRun, seems to work fine. In fact I setup a serverwide SSO solution using JAAS where CF can interface with it simply.
DK On 3/28/06, Andy Allan <[EMAIL PROTECTED]> wrote: > Isn't cflogin already based on JAAS? The CF (or indeed JRun) > implementation just happens to be botched? > > Andy > > On 28/03/06, Douglas Knudsen <[EMAIL PROTECTED]> wrote: > > I've been wondering why the CF team has not switched over to using > > J2EE security. A rewrite of cflogin code that can use JAAS would be > > just swell and allow integration with non CF J2EE products without > > messing with web.xml files and such, eh? > > > > DK > > > > On 3/27/06, wolf2k5 <[EMAIL PROTECTED]> wrote: > > > On 3/26/06, Adam Churvis <[EMAIL PROTECTED]> wrote: > > > > It doesn't work that way. Since your CFLOGINUSER call is inside a > > > > CFLOGIN call, that CFLOGIN call *won't* run when the second server sees > > > > your authentication cookie because CFLOGIN only runs when you are *not* > > > > authenticated. > > > > > > Actually, according to my testing (ColdFusion 6.1 with the Updater), > > > when the second server sees the cflogin cookie, it will automatically > > > run the cflogin/cfloginuser code and authenticate/authorize the user. > > > > > > Can anyone verify this with ColdFusion MX 7? > > > > > > Thanks. > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:236320 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54