> Just to back up what Jan said.... > > If you want to access beans that have security constraints, then > currently the URL must be one that has an authentication-constraint > specified. > > The happenstance that a browser is actually sending basic authentication > information to a non-authenticated URL is not enough to trigger a > call to the JBoss authentication mechanisms. You must have an > authentication > constraint. > > Do you see a need for it to be any different to this?
If (as is my case) I want the data processing to be different depending if the access is being made by the 'default' user (configurable in auth.conf) or by an authenticated user. If you want to put names to concepts, I want the general public to see which services and items are being offered, but not the prices. But if you are a customer, I want to show the prices out. Maybe I'm misunderstanding my exception, but if I got it right, an bean marked as <unchecked/> is throwing a "Authentication exception, principal=null", something that should not happen. At least, if it decides to happen, happen everytime, but not sometimes. I insist that this could be my fault, sometimes has been, let me see it when my work agenda lets me some time. _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development