OK chaps, I'm going to have a shot at providing a solution to this. I think what is happening is that Jetty is only setting the Principal to null after it is finished handling a request, rather than both the Principal *and* the Credential. Therefore, when no user has been authenticated, both Principal and Credential will be null. However, after a user has been authenticated, there will be a thread with a null Principal but a still set Credential.
Now I haven't fully traced back the intricacies of the security code, but I notice that there are a few tests like: `if (username == null && password == null) use the unauthenticatedIdentity;`. I am assuming that maybe the username and password are obtained from the thread's SecurityAssociation.getPrincipal() and SecurityAssociation.getPassword(). So, in short, I've made sure we null out *both* SecurityAssociation.Principal and SecurityAssociation.Credential. Update your tree to get the new $JBOSSHOME/jetty/src/main/org/jboss/jetty/Jetty.java. If that doesn't fix it, then I definitely give up :-)

Jan

Scott M Stark wrote:
>>> I'm not following what you meant in your original post about
>>> "I get an exception one of each 3 times..."
>>>
>> Hit refresh -> ok
>> Hit refresh -> ok
>> Hit refresh -> Error 500
>>
>> The error is thrown on any non-authenticated browser when there is an
>> authenticated one open. If you don't authenticate anyone (if you only browse
>> the public zone) there is no error.
>>
>>
> That should not happen. Is the servlet accessing the ejb deployed in
> both the protected and unprotected areas? Try to reproduce the issue
> with a variation of the jbosstest-web.ear.
>
>
>> MyAuthEntry {
>>     org.jboss.security.auth.spi.DatabaseServerLoginModule required
>>     dsJndiName="java:/CanplasticaDS"
>>     principalsQuery="SELECT PASSWORD AS Password FROM USUARIO WHERE ID=?"
>>     rolesQuery="SELECT ROLE AS Role, 'Roles' AS RoleGroup FROM ROLE WHERE
>> USU_ID = ?"
>>     unauthenticatedIdentity="nobody" <--------------
>> ;
>> };
>>
>> Also the nobody user has a principal record, because if not it also wasn't
>> allowed to access the app.
>>
> That should work then.
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
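The failure mode Jan describes (a pooled worker thread whose per-thread principal is cleared but whose credential is not, so the next anonymous request on that thread no longer matches the `username == null && password == null` test) can be reproduced in miniature. The following is an added illustration, not code from JBoss, Jetty or this mailing-list thread; `SecurityContext`, `resolveIdentity` and `handle` are hypothetical stand-ins for the real SecurityAssociation and login-module logic, and the hard-coded "secret" check stands in for the DatabaseServerLoginModule's principalsQuery lookup.

```java
import java.util.Objects;

/**
 * Added illustration (not JBoss or Jetty code) of the thread-local leak
 * discussed in the thread: a pooled request thread that clears only the
 * principal leaves the credential behind for the next request it serves.
 */
public class ThreadLocalLeakDemo {

    /** Hypothetical stand-in for SecurityAssociation: per-thread principal and credential. */
    static final class SecurityContext {
        private static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();
        private static final ThreadLocal<Object> CREDENTIAL = new ThreadLocal<>();

        static void set(String principal, Object credential) {
            PRINCIPAL.set(principal);
            CREDENTIAL.set(credential);
        }

        static String getPrincipal() { return PRINCIPAL.get(); }
        static Object getCredential() { return CREDENTIAL.get(); }

        /** The cleanup the mail suspects: only the principal is reset. */
        static void clearPrincipalOnly() { PRINCIPAL.set(null); }

        /** The cleanup the mail proposes: both fields are reset. */
        static void clearAll() { PRINCIPAL.remove(); CREDENTIAL.remove(); }
    }

    /** Mirrors the unauthenticatedIdentity test quoted in the mail. */
    static String resolveIdentity(String username, Object password, String unauthenticatedIdentity) {
        if (username == null && password == null) {
            return unauthenticatedIdentity;          // anonymous request -> "nobody"
        }
        // Any other combination is treated as a real login attempt; a null
        // username with a leftover credential cannot match any user record.
        if (username == null || !Objects.equals("secret", password)) {
            throw new SecurityException("authentication failed for user " + username);
        }
        return username;
    }

    /** Simulates one request cycle on a reused worker thread. */
    static String handle(String user, Object cred, boolean clearBoth) {
        if (user != null) {
            SecurityContext.set(user, cred);   // the container authenticated this request
        }
        try {
            return resolveIdentity(SecurityContext.getPrincipal(),
                                   SecurityContext.getCredential(), "nobody");
        } finally {
            // Cleanup belongs in finally so an exception cannot skip it.
            if (clearBoth) SecurityContext.clearAll(); else SecurityContext.clearPrincipalOnly();
        }
    }

    public static void main(String[] args) {
        // Principal-only cleanup: an authenticated request, then an anonymous one on the same thread.
        System.out.println(handle("alice", "secret", false));        // alice
        try {
            System.out.println(handle(null, null, false));            // expected "nobody" ...
        } catch (SecurityException e) {
            System.out.println("Error 500 analog: " + e.getMessage()); // ... but the credential leaked
        }
        SecurityContext.clearAll();

        // Cleanup of both fields: the anonymous request maps to "nobody" as intended.
        System.out.println(handle("alice", "secret", true));         // alice
        System.out.println(handle(null, null, true));                // nobody
    }
}
```

With a real thread pool the stale credential sits only on the worker that last served the authenticated browser, so an unauthenticated client fails only when it happens to land on that thread, which is consistent with the "ok, ok, Error 500" refresh pattern quoted above. Clearing every per-thread security field in a `finally` block at the end of request handling is the general defence; clearing a subset is what turns thread reuse into a cross-request leak.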