Jung , Dr. Christoph wrote: > > > Experimenting with an unauthenticatedPrincipal "nobody" in the > loginmodule instead of a NONE-role also did not work, because Jetty then > refuses >
Hi, I'm not an expert on this web stuff (or anything for that matter :), but I take it the "NONE" role means "don't let anyone access this". Is that correct? Is this a jetty specific thing 'cos I wasn't aware of its existence? I've only seen "NONE" used as an option for the "transport-guarantee" tag. If you want to let authenticated users with any role (as understood by the axis webapp) access the service (and perform access control later), then maybe you could try <auth-constraint> <role-name>*</role-name> </auth-constraint> which *should* do this... Or am I way off the mark? I would say that I haven't been able to get some security stuff working with JBoss/Jetty that has worked fine with Tomcat. I understand the security in Jetty is a relatively recent addition and there've been one or two hiccups, so it could be a problem with Jetty. Can you deploy the same stuff in another container, or is it tied to JBoss 3? Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523C http://www.mkeym.com _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development