This is now implemented in both Jetty4 and Jetty3_1 CVS branches.

Hopefully I'll get a release of both of these out in the next week....

cheers



Jung , Dr. Christoph wrote:

> Greg, Jules, Luke!
> 
> thx much for your replies. Indeed, the '*' role authentication constraint
> seems to match my issue very well if it also lets through
> null-authenticated/credential calls ... 
> 
> If I can help to patch SecurityHandler (jetty4 or backport to jetty3,
> perhaps), please let me know. 
> 
> Otherwise, I would be glad if you could send me a notification when it is
> available ...
> 
> Thnx much,
> CGJ
> 
> -----Original Message-----
> From: Greg Wilkins [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 31 January 2002 01:31
> To: Luke Taylor
> Cc: 'Jboss-Development ([EMAIL PROTECTED])';
> [EMAIL PROTECTED]
> Subject: Re: [jetty-discuss] Re: [JBoss-dev] Jetty3.1.5, Axis & Basic
> Authentication Problem
> 
> 
> 
> Luke,
> 
> I stand corrected.  It is the '*' role behaviour that should be used.
> The lack of any role means no access.    I knew the 2.3 spec had defined
> both these cases, but got them mixed up.
> 
> Jetty4 will definitely support this style of security constraint soon.
> 
> I think Jetty3 can also be made to support this without breaking any
> existing code (but I'll think about this a bit more before changing this).
> 
> thanks
> 
> 
> 
> Luke Taylor wrote:
> 
> 
>>Greg Wilkins wrote:
>>
>> > Christoph,
>> >
>> > Either way, you do not want the semantics of NONE, you want the user
>> > to be authenticated, but you do not care what group they are in.
>> >
>> > Again, Jetty has an extension to the spec to support this.  All users
>> > are in the role org.mortbay.http.User.   However this is implemented
>> > in the HashUserRealm which is not used by JBoss.
>> >
>> > So for now, you must define a role that all your JBoss users are in
>> > and specify an AuthConstraint for that role.
>>
>>Hi Greg,
>>
>>Wouldn't this be the same as using "*" for the role-name? I had a brief
>>look at the servlet 2.3 spec before replying previously and that's the
>>syntax it uses for "all roles". So it should then perform authentication
>>and allow any user who has a role recognised by the application.
>>
>>Luke.
>>
> 
> 
> 
> 



-- 
Greg Wilkins<[EMAIL PROTECTED]>          GB  Phone: +44-(0)7092063462
Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029


_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
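
Added example, not part of the original thread and not Jetty or JBoss code: a small Python audit that reads a Servlet 2.3 style web.xml and reports how each security-constraint is read under the semantics discussed above ('*' means all roles declared by the application, an auth-constraint that names no role means no access). The descriptor, its URL patterns and role names, and the `classify` function are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (Servlet 2.3 style, no XML namespace).
WEB_XML = """\
<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>svc</web-resource-name><url-pattern>/services/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>int</web-resource-name><url-pattern>/internal/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>adm</web-resource-name><url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>tls</web-resource-name><url-pattern>/secure/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-role><role-name>admin</role-name></security-role>
  <security-role><role-name>user</role-name></security-role>
</web-app>
"""

def classify(web_xml):
    """Map each url-pattern to how its auth-constraint is interpreted."""
    root = ET.fromstring(web_xml)
    declared = sorted(r.findtext("role-name").strip() for r in root.findall("security-role"))
    result = {}
    for sc in root.findall("security-constraint"):
        auth = sc.find("auth-constraint")
        if auth is None:
            verdict = "no authentication required"  # no auth-constraint at all
        else:
            roles = [r.text.strip() for r in auth.findall("role-name") if r.text]
            if not roles:
                verdict = "deny all"  # constraint present but names no role
            elif "*" in roles:
                verdict = "any of: " + ", ".join(declared)  # '*' = all declared roles
            else:
                verdict = "only: " + ", ".join(sorted(roles))
        for pat in sc.iter("url-pattern"):
            result[pat.text.strip()] = verdict
    return result

if __name__ == "__main__":
    for pattern, verdict in classify(WEB_XML).items():
        print(f"{pattern:15} {verdict}")
```

Running it against a deployed descriptor makes it easy to spot an empty auth-constraint that was meant to be `*`, or a path left with no auth-constraint at all.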
