Thanks for you're prompt answer,Scott. I'll take another look at this today,
Jules Scott M Stark wrote: > > > > Scott, > > > > Due to various changes in Jetty I am having to rework the Security > > integration. > > > > My authenticate() is not working and I'm afraid that I have a few simple > > questions ; > > > > 1. Is JBossSX working in RH yet, or am I wasting my time trying to get > > the testsuite's WebIntegrationUnitTestCase to run ? > > > I haven't looked at anything but the basic EJB security tests and these > work. > The web security integration may be broken. I'll start to look at this next > week. > There will have to be changes to support the 2.3 servlet security model that > allows a web component to assume a security role for accessing other > secured components. This will be needed to completely integrate Jetty 4 > and Tomcat 4. > > > I look up the JBossSX Security Context once for each WebApp > > > > 2. I look up the securityMgr on EVERY authenticate() - could I do this > > ONCE on WebApp creation ? > > > Yes, it is a thread safe instance that cannot change during the lifetime of > the web app. > > > 3. I look up the realmMapping EVERY time I need doesUserHaveRole() - > > ditto ? > > > Yes, its the same object as 2. > > This is not true of the authenticated Subject accessible via > java:comp/env/security/subject > but this object should not be needed for the basic web security model. > > > > > Thanks for your time, > > > > > > > > Jules > > _______________________________________________ > Jboss-development mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/jboss-development _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development