"RoleManager.login" for each one... But what a hack that would be.)
Mike
- Original Message -
From: Lachezar Dobrev
To: Orion-Interest
Sent: Wednesday, June 13, 2001 2:31 AM
Subject: RE: Security bug with application clients? (More Info)
Hello.
Here I want to provide more information on the problem.
Just for clarification.
The problem is NOT the security itself. It works just fine.
The problem lies IMHO in caching or something.
It is also seen only in the RMI connection.
EXAMPLE: Consider following
ad of ClientInitialContextFact) - OK.
So what's the point?
> -Original Message-
> From: cybermaster [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, 13 June 2001 01:20
> To: Or
inal Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Endres
Sent: Tuesday, June 12, 2001 10:51 AM
To: Orion-Interest
Subject: Re: Security bug with application clients?
> I think maybe I didn't make something clear. I am using a java "application"
> client, NOT a web client. As such, I cannot invalidate sessions, make posts, etc.
>
I will repeat that we have seen that Orion's InitialContext and Principal identity
features do not work. They do not work in serv
I think maybe I didn't make something clear.
I am using a java "application" client, NOT a web client. As such, I cannot invalidate sessions, make posts, etc.
Orion seems to be written primarily as a web app server, and I have seen very little information on using it as a direct applicat
WRONG!!!
As I see it... There is nothing in the post, that says SESSION or HTTP or JSP or SERVLET.
I have stumbled upon this problem many times. I've raised that question on this list many times.
However... Except for threads like "Orion deal blah, blah" I hardly see any meaningfu
Don't jump to conclusions. In my limited experience, Orion's
authentication is very intelligent and tolerant of user mistakes. For
reference you may use the OC4J manual (Oracle app server, see mail list). I
recommend reading it carefully.
> -Original Message-
> From: Michael Ja
its in the "clean things up" step that something went wrong.
You need to do a session.invalidate(), and then create a new guest session with a session.create("true"). Here is the bit in the RequestProcessor of the BluePrint (petstore):
if (event instanceof LogoutEvent) {