Information about JAAS can be faound at: http://www.JAASbook.com
Hi, Trying to get a custom login through a JAAS LoginModule. Got the authentication to work (confirmed thru println()), but get back a HTTP unauthorized error in the browser. Gets to the commit() of LoginModule, where I add a "Principal" based on the one "role" defined in tomcats web.xml ... same as SampleLoginModule example. How does authorization work in general once you have a authenticated user ? Ideally, don't want to list any users or Roles in *any* tomcat config file. Possible ?
Yes. Look at your WEB-INF/web.xml: <security-constraint> ... <auth-constraint> <role-name>*</role-name> </auth-constraint> </security-constraint> -- Franck
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]