Are you using basic auth, or form auth? I would use form auth, but I don't know that it would make a difference.
You may have to secure the entire application with a role that all users will be guaranteed to have. > -----Original Message----- > From: Daniel Massie [mailto:[EMAIL PROTECTED] > Sent: Tuesday, December 30, 2003 4:58 PM > To: Struts Users Mailing List > Subject: Re: JAAS and roles attribute of logic:present > > > If I firstly go to a secured area, I am redirected to the > login page. I > log in, get sent to my original request (secure area). If I then go > immediately to an unsecure area, there is no principal or > subject (both > null). > > If I go to the unsecured area without an existing session, > there is also > no principal or subject (both null) as expected. > > Daniel > > Karr, David wrote: > > >I'm not sure what problem you're having. Are you saying > that after you > >specify your login when accessing a secured area, you then > immediately > >(before session timeout) access an unsecured area that checks > >"role=admin" and thinks you don't have that role (I would be > surprised > >if it did that)? Or is your first access (without an > existing session) > >to the unsecured area? If that's the case, then there > definitely won't > >be an existing principal. Did you think there would be? > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]