Rickard,
I hate to dwell on this, but isn't it a little more
complicated then that? Imagine the following:
o A servlet/JSP implementation under which my
servlets/JSP pages run (using a single JVM ? Probably...)
o Several concurrent users using servlets or JSP's,
which all have their own login.
I believe that servlet/JSP implementations essentially
use a single JVM. Using the standalone approach implies that
only one user can login otherwise they start using each others
identity. Using the server approach
leaves me with the question how to tie up the correct
login context with the proper user. Normally I would
do that using the sessioncontext, but I do not seem to have
any handles to reinstate a once established login context.
Regards,
Cor.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rickard Öberg
Sent: Sunday, February 04, 2001 17:22
To: jBoss
Subject: Re: [jBoss-User] JAAS security, login mechanism
Cor Hofman wrote:
> That's indeed very simple. But it makes me
> wonder if I could run into trouble when I
> use this mechanism within a servlet. How
> do I avoid that I have to login over and
> over again? Because I think I do not have
> any control over the thread my servlet is
> running in. Or am I approaching this issue
> from the wrong side?
Simple again: it's configurable whether to associate the login info with
a thread (=server usage) or the entire JVM (=standalone app usage).
Check the archives and (I think) manuals for references.
regards,
Rickard
--
Rickard Öberg
Email: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
