I would like JBoss AS to handle authentication, but I would like to handle the authorization programmatically.
If a client passes username/password I would like JBoss to authenticate this request and pass the principal+roles to the servlet. If the client doesn't pass any credentials I would still like the servlet to be invoked but without any principal or roles. How can one do this?

If I don't have any <security-constraint> in web.xml it doesn't seem like authentication is triggered. I don't get any principal in my servlet. If I have a <security-constraint> I must supply a role and that won't work for unauthenticated users.

Is there a way to trigger authentication without having a <security-constraint> in web.xml?

Thanks,
Tim

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user