Hi,
Thanks for replying.... Are you saying that the session should
have attributes j_username ans j_password? Doing a session.getAttributeNames()
reveals none?! I have also tried HttpSevletRequest.getRemoteUser() and
HttpSevletRequest.getUserPrincipal() both return null !?
Also, trying a session.invalidate() or response.sendError(401,"") does not
seem to have any influence, since a refresh will refresh the page, just
as if i had passed the user and pass? I dont quite get it!
I seems as though the page is'nt secured at all, but i cant get to it without
passing user and pass? hmmmmm...
^terp
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of awc
> Sent: Sunday, July 01, 2001 11:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] JAAS Security question - Getting
> pricipaldata...
>
>
> According to servlet spec 2.2. The username is j_username and password
> is j_password. On tomcat this saved to user session with same name. I
> guess jetty does the same thing, I do not know. I have not used jetty.
> On log out you can do like response.sendError(401,"blabla"). That should
> redirect to login window which clears the j_username and j_password or
> you can invalidate the session and sendError(..) . That depends on what
> you wanted to do, if you like to keep the session variables and elevate
> the users login role you cannot invalidate the session.
>
> anil
>
> Torsten Terp wrote:
>
> > Hi,
> >
> > Im just starting to use the Jaas SecurityManager in my app.
> > (JBoss-2.2.2_Jetty-3.1.RC5 release).
> >
> > Im using the DatabaseServerLoginModule, and it works quite well.
> > When i go to my app in the browser i get the login screen, and
> > username and password gets verified. This principal data is used
> > by jBoss to verify access on my EJBs, great!
> >
> > Now i would like to save the name of the user which have logged
> > on to the app, and also need to log the user out when the logout
> > button is pressed. How do i do this? I.e., how do i get to the
> > LoginContext or Subject in my ejb code, do i go through the
> > JaasSecurityManager mbean?? I have a feeling this is a stupid
> > question, but it has confused me a bit :-(
> >
> > Thanks...
> >
> > ^terp
> >
> > _______________________________________________
> > JBoss-user mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/jboss-user
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
