Bugs item #418997, was updated on 2001-04-25 16:55 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=418997&group_id=22866 Category: JBossServer Group: v2.3 (unstable) Status: Open Resolution: None Priority: 5 Submitted By: Scott M Stark (starksm) Assigned to: Scott M Stark (starksm) Summary: Need support for unauthenticated users Initial Comment: JBoss needs support for: J2EE Spec 1.2, Section 3.4.1.4 Unauthenticated Users Web containers are required to support access to web resources by clients that have not authenticated themselves to the container. This is the common mode of access to web resources on the Internet. A web container reports that no user has been authenticated by returning null from the HttpServletRequest method getUserPrincipal. The EJB specification requires that the EJBContext method getCallerPrincipal always return a valid Principal object. It can never return null. However, it’s important that components running in a web container be able to call enterprise beans, even when no user has been authenticated in the web container. When a call is made in such a case from a component in a web container to an enterprise bean, a J2EE product must provide a principal for use in the call. A J2EE product may provide a principal for use by unauthenticated callers using many approaches, including, but not limited to: - Always use a single distinguished principal. - Use a different distinguished principal per server, or per session, or per application. - Allow the deployer or system administrator to choose which principal to use. This specification does not specify how a J2EE product should choose a principal to represent unauthenticated users, although future versions of this specification may add requirements in this area. ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=376685&aid=418997&group_id=22866 _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-development
