JBoss will provide a security context only on access to protected web resources, declared 
in the web.xml file. If you request a public resource, even if you previously 
authenticated yourself, the principal associated with the request will be 'null'.

I'd suggest you check this by changing your security constraints in the web.xml in the 
following way:

...
<security-constraint>
    <!-- Sample Security Constraint -->
    <web-resource-collection>
        <web-resource-name>LoginFilterTestCollection</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
...

This means that the complete web application is protected. If you try to access any 
URI associated with such a web application, you should be redirected to the login page. 
Once authenticated, each time you try to access any resource associated with your web 
application, the principal should always be available.

Regards,
Gianluca.


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3853346#3853346
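
An added example, not part of the original post: a small Python check that reads a web.xml and reports whether a given request falls under a security constraint, which is the condition the reply gives for the principal being populated. It assumes the Servlet specification's best-match url-pattern rules and that the constraint carries an auth-constraint; the sample descriptor and the role name "user" are constructed, and requests with a method the collection does not list are reported as not covered.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post, closed off with an assumed
# auth-constraint (the role name "user" is hypothetical).
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>LoginFilterTestCollection</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>HEAD</http-method><http-method>GET</http-method>
    <http-method>POST</http-method><http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint></web-app>"""

def _kids(elem, name):
    """Children with the given local name, ignoring any XML namespace."""
    return [e for e in elem if e.tag.rsplit("}", 1)[-1] == name]

def load_constraints(xml_text):
    """Return a list of (url_pattern, http_methods, has_auth_constraint)."""
    rows = []
    for sc in _kids(ET.fromstring(xml_text), "security-constraint"):
        has_auth = bool(_kids(sc, "auth-constraint"))
        for wrc in _kids(sc, "web-resource-collection"):
            methods = {m.text.strip().upper() for m in _kids(wrc, "http-method")}
            for p in _kids(wrc, "url-pattern"):
                rows.append((p.text.strip(), methods, has_auth))
    return rows

def _rank(pattern, path):
    """Specificity of a matching url-pattern, or None if it does not match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return (2, len(pattern))                      # longest path prefix
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                                 # extension match
    return (0, 0) if pattern == "/" else None         # default mapping

def is_protected(rows, method, path):
    """True if the best-matching pattern constrains this method with auth."""
    ranked = [(_rank(p, path), p) for p, _, _ in rows]
    ranked = [r for r in ranked if r[0] is not None]
    best = max(ranked, default=(None, None))[1]       # None: nothing matched
    hits = [a for p, m, a in rows if p == best and (not m or method.upper() in m)]
    # A constraint without auth-constraint on the same pattern opens access.
    return bool(hits) and all(hits)
```

Paths passed to is_protected are relative to the web application's context root, as url-pattern values are.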
