--- Scott M Stark <[EMAIL PROTECTED]> wrote:
> What you're doing is correct, that is just a bug in the handling of the null
> credential. I have fixed this in main.
> 
> In 2.4 there is an ability to set the principal of an unauthenticated user,
> but you cannot assign roles to it. It is not for allowing unauthenticated
> users access to secured beans. Rather it is for assigning the principal
> an unsecured bean would see by obtaining the caller principal when
> called by an unauthenticated user.
> 
> You could come up with a generic UnauthenticatedLoginModule that
> would allow for the specification of the principal and roles that could
> be inserted into a domain's login configuration when unauthenticated
> users should be given default capabilities.

I looked at the issue today. What I need is a weird, dead authentication
schema. (Big banks like a lot of security :) )

Due to the complexity of password and principal management, I like to
handle login via a session bean. (I have different kinds of users, where
different login contexts (web contexts) could possibly have the same login
names.)

So I have a principal bean which manages passwords and is the user ID, and
of course a couple of beans mapping it to login names.

Authentication from the web context will be done through a session bean
(and this will be a different context than the EJB security context), and
because all beans require at least some role to be accessed, I will
subclass the JAAS security manager to give the role "nobody" even without
any credentials/principals (which is what happens when an unauthenticated
web user tries to access a bean).

Login modules which are used to authenticate web users will modify the
principal to hold the ID of the principal bean, and this ID along with the
password will be propagated to the EJB security context on EJB invocation.

Then it will be checked by another login module.

Do you see any problems with such a setup?

After all, I'll try to write a short tutorial...

regards,


=====
Konstantin Priblouda ( ko5tik )    Freelance Software developer
< http://www.pribluda.de > < play java games -> http://www.yook.de >
< render charts online -> http://www.pribluda.de/povray/ >
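Added example, not code from JBoss or from either poster: a generic JAAS login module of the kind Scott describes, which grants a configured default principal and default roles to callers that presented no credentials. It assumes the JBossSX convention of that era that roles live in a java.security.acl.Group named "Roles" among the Subject's principals (java.security.acl.Group was later deprecated and removed from the JDK, so this targets the JDKs JBoss 2.4 ran on). The option names defaultPrincipal and defaultRoles, the class and package names, and the auth.conf fragment in the header comment are all invented for this illustration; the Principal and Group implementations below stand in for JBossSX's own SimplePrincipal and SimpleGroup so the file compiles without the JBoss jar.

```java
// Added illustration of the "UnauthenticatedLoginModule" idea from the thread.
// Not JBoss code. Option names and the domain name below are hypothetical.
//
// Hypothetical auth.conf entry (JBoss 2.4 style) wiring the module into a domain
// whose unauthenticated callers should get only the "nobody" role:
//
//   intranet {
//       example.UnauthenticatedLoginModule required
//           defaultPrincipal="nobody"
//           defaultRoles="nobody";
//   };
package example;

import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class UnauthenticatedLoginModule implements LoginModule {

    /** Minimal Principal; stands in for org.jboss.security.SimplePrincipal. */
    public static class NamedPrincipal implements Principal {
        private final String name;
        public NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean equals(Object o) {
            return o instanceof NamedPrincipal && name.equals(((NamedPrincipal) o).name);
        }
        public int hashCode() { return name.hashCode(); }
        public String toString() { return name; }
    }

    /** Minimal Group; stands in for org.jboss.security.SimpleGroup("Roles"). */
    public static class RoleGroup implements Group {
        private final String name;
        private final Set<Principal> members = new HashSet<Principal>();
        public RoleGroup(String name) { this.name = name; }
        public String getName() { return name; }
        public boolean addMember(Principal p) { return members.add(p); }
        public boolean removeMember(Principal p) { return members.remove(p); }
        public boolean isMember(Principal p) { return members.contains(p); }
        public Enumeration<? extends Principal> members() {
            return Collections.enumeration(members);
        }
    }

    private Subject subject;
    private String defaultPrincipal;
    private final List<String> defaultRoles = new ArrayList<String>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        // "defaultPrincipal" / "defaultRoles" are option names invented for this example.
        Object p = options.get("defaultPrincipal");
        defaultPrincipal = (p == null) ? "nobody" : p.toString().trim();
        Object r = options.get("defaultRoles");
        StringTokenizer st = new StringTokenizer((r == null) ? "nobody" : r.toString(), ", ");
        while (st.hasMoreTokens()) defaultRoles.add(st.nextToken());
    }

    /** Performs no credential check: this module never authenticates anyone. */
    public boolean login() throws LoginException {
        if (defaultPrincipal.length() == 0 || defaultRoles.isEmpty()) {
            throw new LoginException("defaultPrincipal and defaultRoles must both be set");
        }
        return true;
    }

    /** Adds the default identity and roles, unless a real login already established roles. */
    public boolean commit() throws LoginException {
        for (Group g : subject.getPrincipals(Group.class)) {
            if ("Roles".equals(g.getName())) return true;   // authenticated by an earlier module
        }
        subject.getPrincipals().add(new NamedPrincipal(defaultPrincipal));
        RoleGroup roles = new RoleGroup("Roles");
        for (String role : defaultRoles) roles.addMember(new NamedPrincipal(role));
        subject.getPrincipals().add(roles);
        return true;
    }

    public boolean abort() { return true; }

    public boolean logout() {
        subject.getPrincipals().clear();
        return true;
    }
}
```

The point of the guard in commit() is that when this module is stacked after a real credential-checking module, it only fills in defaults for callers that module did not identify, so a genuine login never gets the guest roles added on top. Whatever role name is chosen (here "nobody"), only the beans meant to be reachable without login should list it in their method permissions, since every domain carrying this module effectively grants that role to anyone.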

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user