I'll look into supporting this use case.
>
> I think JAAS security manager definitely needs some
> change. Let's assume situation, that call comes
> with principal "null" and credential "null" - this can
> be ( and is in my context ) legitimate user, with
> some roles defined.
>
> My login m
--- Scott M Stark <[EMAIL PROTECTED]> wrote:
> The only issue with this is that the
> JaasSecurityManager is not considered
> a public API for which compatability between
> releases is a consideration.
> Your subclass of JaasSecurityManager may not work in
> latter releases.
> The public API for u
module api.
- Original Message -
From: "Konstantin Priblouda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 29, 2001 9:59 AM
Subject: Re: [JBoss-user] Security in Jboss ( JaasSecurityManager ) - question to
developers. Maybe RFE
>
> --- Sco
--- Scott M Stark <[EMAIL PROTECTED]> wrote:
> What your doing is correct, that is just a bug in
> the handling of the null
> credential. I have fixed this in main.
>
> In 2.4 there is an ability to set the principal of
> an unauthenticated user,
> but you cannot assign roles to it. It is not fo
domain's login configuration when unauthenticated
users should be given default capabilities.
- Original Message -
From: "Konstantin Priblouda" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 28, 2001 11:07 AM
Subject: [JBoss-user] Security in
Hi all,
I try to implement declarative security using Jboss.
Basic idea is to allow unauthenticated access to beans
placed under security domain.
( and those bean have to be secured )
When I attempt access from web context ( or client )
then container tries to authenticate.
( principal and c
Hi all,
I try to implement declarative security using Jboss.
Basic idea is to allow unauthenticated access to beans
placed under security domain.
( and those bean have to be secured )
When I attempt access from web context ( or client )
then container tries to authenticate.
( principal and c
