I'll look into supporting this use case.
>
> I think the JAAS security manager definitely needs some
> change. Let's assume a situation where a call comes
> with principal "null" and credential "null" - this can
> be (and is in my context) a legitimate user, with
> some roles defined.
>
> My login module authenticates him, assigns roles and
> updates subject. This subject is returned to
> JaasSecurityManager, and it's happy. When it's happy
> it saves subject information into cache. With a funny
> key of "null" - which was my original principal.
>
> After the successful authentication phase comes
> authorization (doesUserHaveRole()), where it
> tries to look up cached authentication information
> using "null" principal - and of course fails, despite
> the fact that my login module said OK to this.
>
> I propose to add separate storage for "null" principal
> authentication data.
>
> For now I did a quick fix - tweaking principal from
> "null" to SimplePrincipal("nobody") and everything
> works so far...
> regards,
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
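
The proposal in the quoted message (separate storage for the "null" principal) and the quick fix (substituting a fixed principal) both come down to making the authentication store and the authorization lookup use the same non-null cache key. An added sketch of that idea, not JBoss code and not from either poster: the class `NullSafeAuthCache`, the sentinel name and the role names are hypothetical, and the real JaasSecurityManager cache is not modeled.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical model of a principal-keyed authentication cache (not JBoss code).
public class NullSafeAuthCache {

    // Small helper so the example needs no external Principal implementation.
    private static Principal named(final String name) {
        return new Principal() {
            @Override public String getName() { return name; }
            @Override public String toString() { return name; }
        };
    }

    // Dedicated key for callers that arrive with a null principal (assumed name).
    private static final Principal NULL_PRINCIPAL = named("<null-principal>");

    // ConcurrentHashMap rejects null keys, so every access goes through key().
    private final Map<Principal, Set<String>> rolesByPrincipal = new ConcurrentHashMap<>();

    private static Principal key(Principal p) {
        return p == null ? NULL_PRINCIPAL : p;
    }

    // Authentication phase: cache the roles the login module assigned.
    public void cacheAuthentication(Principal p, Set<String> roles) {
        rolesByPrincipal.put(key(p), Set.copyOf(roles));
    }

    // Authorization phase: uses the same key normalization as the store,
    // and fails closed when nothing is cached for the caller.
    public boolean doesUserHaveRole(Principal p, String role) {
        Set<String> roles = rolesByPrincipal.get(key(p));
        return roles != null && roles.contains(role);
    }

    public static void main(String[] args) {
        NullSafeAuthCache cache = new NullSafeAuthCache();
        // Constructed sample data: a null-principal caller granted "Guest".
        cache.cacheAuthentication(null, Set.of("Guest"));
        System.out.println("null has Guest:  " + cache.doesUserHaveRole(null, "Guest"));
        System.out.println("null has Admin:  " + cache.doesUserHaveRole(null, "Admin"));
        System.out.println("alice has Guest: " + cache.doesUserHaveRole(named("alice"), "Guest"));
    }
}
```

In this sketch every null-principal caller shares one cache entry, so the roles cached under it should be only those intended for all such callers.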