Re: [JBoss-user] Web Application Security Recipe?

2003-12-13 Thread Neal Sanche
Okay, makes sense, will do. Thanks for the clarification of this. I've always found that bit confusing. -Neal On December 13, 2003 01:10 am, Scott M Stark wrote: > It's a feature of the spec that an authenticated user is not > available via getUserPrincipal on unsecured pages. Put the user >

Re: [JBoss-user] Web Application Security Recipe?

2003-12-12 Thread Scott M Stark
It's a feature of the spec that an authenticated user is not available via getUserPrincipal on unsecured pages. Put the user principal in the session and base the logic off of the existence of the user in the session. -- Scott Stark Chief Technology Officer JBoss Group,

Re: [JBoss-user] Web Application Security Recipe?

2003-12-12 Thread Neal Sanche
Ah, but, if a page is *not* secured, by it being inside a declared security-constraint url pattern, even if the user is authenticated, getUserPrincipal() will return null. So you cannot have a page that does not require authentication yet also have features that depend on getUserPrincipal return

Re: [JBoss-user] Web Application Security Recipe?

2003-12-12 Thread Scott M Stark
That is a trivial check based on is there an authenticated user as indicated by the getUserPrincipal() method returning null. If that is all you want j2ee declarative security will work fine. This is not what I would call reauthentication as the user has not accessed any secured pages. When they do,

Re: [JBoss-user] Web Application Security Recipe?

2003-12-12 Thread Ryan Hoegg
Just use role based security. Certain URLs can be secured by conventional declarative security. You can use HttpServletRequest.isUserInRole("foo") in your view layer to conditionally display view elements based on the server roles. When a user has not authenticated, he will have no role. He

Re: [JBoss-user] Web Application Security Recipe?

2003-12-11 Thread Neal Sanche
Okay, I've seen such applications, including that on JBoss.org. When you initially arrive at the site, you are 'guest' which means you have been given a session, but have not authenticated. Then you can 'login' and then see other features of the application that weren't there when you weren't l

Re: [JBoss-user] Web Application Security Recipe?

2003-12-11 Thread Scott M Stark
It's not likely the j2ee declarative security fits here as there is no notion of reauthentication, and frankly, I don't know what it means here either. You would have to describe the user case in more detail. -- Scott Stark Chief Technology Officer JBoss Group, LLC x

[JBoss-user] Web Application Security Recipe?

2003-12-09 Thread Neal Sanche
Hi All, One of the many mysteries that I haven't yet come to understand about securing web applications is the following: Is it possible, with default web container security and JAAS domains, to allow a user to automatically log into a web application as 'Guest' and then at some later time all

[JBoss-user] Web-Application only running on last added cluster-node?

2003-08-14 Thread Christofer Dutz
Hi, another cluster question. If I start my application in a clustered jboss only the machine, that last deployed the WAR is able to provide the Web-frontend. I have installed jboss in a local file-server-directory which is mounted on 6 machines. All Jboss-instances are started from this directo

Re: [JBoss-user] Web Application Structure (WAR) within EAR

2002-11-03 Thread Michael Angelo Libio
Original Message - From: "Michael Angelo Libio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 02, 2002 2:29 PM Subject: [JBoss-user] Web Application Structure (WAR) within EAR > Does the war file need to have the client jars (jboss/client/*.jar) i

Re: [JBoss-user] Web Application Structure (WAR) within EAR

2002-11-03 Thread Scott M Stark
ED]> Sent: Saturday, November 02, 2002 2:29 PM Subject: [JBoss-user] Web Application Structure (WAR) within EAR > Does the war file need to have the client jars (jboss/client/*.jar) included > in its WEB-INF/lib directory? I deployed it in the ear file under a > jboss+tomcat (embe

[JBoss-user] Web Application Structure (WAR) within EAR

2002-11-02 Thread Michael Angelo Libio
Does the war file need to have the client jars (jboss/client/*.jar) included in its WEB-INF/lib directory? I deployed it in the ear file under a jboss+tomcat (embedded) server. Do I also need to include the ejb files in the war (WEB-INF/lib) file when I refer to it under web.xml ()? My setup:

Re: [JBoss-user] Web Application?

2001-06-14 Thread Scott M Stark
Use the beta2 release of the JBoss 2.2.2 + Tomcat 3.2.2 bundle that contains an local entity resolver to avoid this problem. - Original Message - From: "Optima" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 14, 2001 8:32 AM Subject: [JBoss

Re: [JBoss-user] Web Application?

2001-06-14 Thread Christof Lehmann
Hello, Where do you find the tomcat_test.ear file? > Optima wrote: > > Greetings all, > > Every time I start the JBoss 2.2.2 + Tomcat 3.2.2, it requires to > connect to check the "web.xml" in "tomcat_test.war" in > "tomcat_test.ear". Pls advise how could I prevent it? > > I think that it's th

[JBoss-user] Web Application?

2001-06-14 Thread Optima
Greetings all, Every time I start the JBoss 2.2.2 + Tomcat 3.2.2, it requires to connect to check the "web.xml" in "tomcat_test.war" in "tomcat_test.ear". Pls advise how could I prevent it? I think that it's the line in web.xml asking for connection: http://java.sun.com/j2ee/dtds/web-ap