Hi all, 

I am trying to implement declarative security using JBoss.
The basic idea is to allow unauthenticated access to beans
placed under a security domain.
(and those beans have to be secured)

When I attempt access from the web context (or client)
then the container tries to authenticate.
(principal and credential are of course null)

I wrote a login module, which authenticates as
principal [say] "nobody" with assigned role "nobody" 
under such conditions. 

Everything goes fine on the first bean invocation.
JaasSecurityManager also updates authentication cache.


On the second invocation there is a problem -
authentication cache is there, so isValid() tries
to find information in cache. And it barfs exactly
here:

if(subjectCredential.getClass().isAssignableFrom(credential.getClass())
== false )
(well, credential is null)

And here comes the question:
Is it possible to have some kind of "default"
principal
under "default" role? With configurable behaviour?
Or is there a better way to do this?
(disabling security domain on beans is not an option)

I will patch JaasSecurityManager to my needs for now. 
Interested people shall ask for source. 

tia,


=====
Konstantin Priblouda ( ko5tik )    Freelance Software developer
< http://www.pribluda.de > < play java games -> http://www.yook.de >
< render charts online -> http://www.pribluda.de/povray/ >
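
An added example, not part of the original post and not JBoss source: a null-safe version of the cache-hit check the post describes, in which a null credential matches only a cached null credential (the "nobody" case) and never a stored secret. The class, method names and sample principals are hypothetical.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

public class NullSafeCredentialCheck {
    // Hypothetical stand-in for an authentication cache:
    // principal name -> credential recorded at login (null for the anonymous principal).
    private final Map<String, Object> cache = new HashMap<>();

    public synchronized void remember(String principal, Object credential) {
        cache.put(principal, credential);
    }

    /** True only when the cached entry for this principal matches the presented credential. */
    public synchronized boolean validateFromCache(String principal, Object presented) {
        if (!cache.containsKey(principal)) {
            return false; // cache miss: the caller must run the login modules
        }
        Object cached = cache.get(principal);
        if (cached == null || presented == null) {
            // Fail closed: null matches only null, so a missing credential
            // can never validate against an entry that holds a real secret.
            return cached == null && presented == null;
        }
        // Both sides are non-null from here on, so getClass() cannot throw.
        if (!cached.getClass().isAssignableFrom(presented.getClass())) {
            return false;
        }
        if (cached instanceof char[]) {
            // Arrays compare by identity with equals(); compare contents instead.
            return Arrays.equals((char[]) cached, (char[]) presented);
        }
        return cached.equals(presented);
    }

    public static void main(String[] args) {
        NullSafeCredentialCheck check = new NullSafeCredentialCheck();
        // Constructed sample data, not taken from the post.
        check.remember("nobody", null);
        check.remember("alice", "s3cret".toCharArray());

        System.out.println("nobody/null       -> " + check.validateFromCache("nobody", null));
        System.out.println("alice/null        -> " + check.validateFromCache("alice", null));
        System.out.println("alice/right chars -> " + check.validateFromCache("alice", "s3cret".toCharArray()));
        System.out.println("alice/wrong type  -> " + check.validateFromCache("alice", "s3cret"));
    }
}
```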
