Jung , Dr. Christoph wrote:
>
>
> Experimenting with an unauthenticatedPrincipal "nobody" in the
> loginmodule instead of a NONE-role also did not work, because Jetty then
> refuses
>
Hi,
I'm not an expert on this web stuff (or anything for that matter :), but
I take it the "NONE" role means "don't let anyone access this". Is that
correct? Is this a jetty specific thing 'cos I wasn't aware of its
existence? I've only seen "NONE" used as an option for the
"transport-guarantee" tag.
If you want to let authenticated users with any role (as understood by
the axis webapp) access the service (and perform access control later),
then maybe you could try
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
which *should* do this...
Or am I way off the mark?
I would say that I haven't been able to get some security stuff working
with JBoss/Jetty that has worked fine with Tomcat. I understand the
security in Jetty is a relatively recent addition and there've been one
or two hiccups, so it could be a problem with Jetty.
Can you deploy the same stuff in another container, or is it tied to
JBoss 3?
Luke.
--
Luke Taylor. Monkey Machine Ltd.
PGP Key ID: 0x57E9523C http://www.mkeym.com
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
