Hi,

Thanks for replying... 

> This topic is indeed very confusing. Here are my 2 cents
> ( though I use it with tomcat )

lol, glad to hear that, I'm going nuts here :-)
 
> To be able to verify user in ejb, you need to set
> security context in bean descriptor
> ( jboss.xml )

Did that, seems to work okay. Using a test client from the
prompt verifies that access to my EJBs is only allowed
for the correct user/pass combo...
 
> When you do login on web context, username and password
> are verified
> using login context you specified in web application
> development descriptor. When your login module gives
> OK, returned principal, credential and role sets are
> stored away in tomcat ( or jetty ) and used primarily
> to check access to web URL's. 

Did that, specified /xxx/* and access to any page below
/xxx/ brings up the user/pass prompt window!
 
> When your servlet/jsp code tries access to ejb, those
> credentials are propagated to jboss, and are verified
> again using security settings specified for the beans
> ( and those settings are not necessarily the same as
> for web context )
> 

Hmmm, perhaps I'm missing something here?! Do I have to
specify allowed user/pass for both Jetty and JBoss??
(sure hope not :-)
 
> To perform logout off web context, you can just
> invalidate current session. 

Doing a session.invalidate has absolutely no effect!
Doing a simple refresh after the invalidate will just
bring up the page again, without prompting for user/pass!
 
> You can also throw out any web-context login stuff,
> and obtain login context yourself, provide necessary
> callbacks and call login on context.
> (just like in java client examples)

Well, that should of course work, but i the other thing
should work... (I think?!?)
 
^terp

> regards,
> 
> =====
> Konstantin Priblouda ( ko5tik )    Freelance Software developer
> < http://www.pribluda.de > < play java games -> http://www.yook.de >
> < render charts online -> http://www.pribluda.de/povray/ >
> 
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
> 
> 

