The secured ejbs must also be secured under the java:/jaas/secured security-domain
for this to work. You have added:
<security-domain>java:/jaas/secured</security-domain>
to both the jboss-web.xml and jboss.xml descriptors?
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
----- Original Message -----
From: "Panagiotis Korros" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 29, 2003 8:08 AM
Subject: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x
I have a web application with a restricted area and an unrestricted
area.
The structure is the following:
/secure (webapp)
/secure/admin/ (secure area accesible only by the admin role)
/secure/admin/page1.jsp
/secure/page2.jsp (accesible by everyone)
page1.jsp and page2.jsp call the same ejb (marked us unchecked).
when i call page1.jsp the system authenticates me and then everything
works ok.
when i call page2.jsp directly without being authenticated first I get
the following error:
java.lang.RuntimeException: checkSecurityAssociation; CausedByException
is:
Authentication exception, principal=null
I used the unauthenticatedIdentity property but nothing changed.
Any ideas or solutions about the problem would be very helpful!
Korros Panagiotis.
my login-config.xml contains:
<application-policy name="secure">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="unauthenticatedIdentity">nobody</module-option>
</login-module>
</authentication>
</application-policy>
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
