Rickard,
Thanks for the hints I will look into it and
post any of my findings if relevant
Regards,
Cor.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rickard Öberg
Sent: Sunday, February 04, 2001 18:19
To: jBoss
Subject: Re: [jBoss-User] JAAS security, login mechanism
Hi!
Cor Hofman wrote:
> I hate to dwell on this, but isn't it a little more
> complicated then that? Imagine the following:
> o A servlet/JSP implementation under which my
> servlets/JSP pages run (using a single JVM ? Probably...)
> o Several concurrent users using servlets or JSP's,
> which all have their own login.
>
> I believe that servlet/JSP implementations essentially
> use a single JVM. Using the standalone approach implies that
> only one user can login otherwise they start using each others
> identity. Using the server approach
> leaves me with the question how to tie up the correct
> login context with the proper user. Normally I would
> do that using the sessioncontext, but I do not seem to have
> any handles to reinstate a once established login context.
You would have to do it each time you want to use a bean that requires
authentication. Preferably put this code in a nice package so that you
don't have to do copy/paste so much.
Servlet 2.3 spec has a new means for doing this kind of generic custom
logic before the servlet is run. You will probably want to look into
that, and check what servlet engines support it.
regards,
Rickard
--
Rickard Öberg
Email: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
