Greg Wilkins wrote: > Cristoph, > > Eitherway, you do not want the semantics of NONE, you want the user > to be authenticated, but you do not care what group they are in. > > Again, Jetty has an extension to the spec to support this. All users > are in the role org.mortbay.http.User. However this is implemented > in the HashUserRealm which is not used by JBoss. > > So for now, you must define a role that all your JBoss users are in > and specify an AuthConstraint for that role.
Hi Greg, Wouldn't this be the same as using "*" for the role-name? I had a brief look at the servlet 2.3 spec before replying previously and that's the syntax it uses for "all roles". So it should then perform authentication and allow any user who has a role recognised by the application. Luke. -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523C http://www.mkeym.com _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
