Raffael Herzog <[EMAIL PROTECTED]> wrote:
> Is it possible to grant guest access to any user without any
> authentication when using JAAS security (a default user)? If yes,
> how? If no, what's the best method to grant anyone access to the
> beans from within the embedded Tomcat? Create a login context in the
> dispatching servlet(s)?
OK, I'll try it again: How can I set a user within Tomcat? Now I get
the following exception, if I try to access any of the beans from
within Tomcat:
Authentication exception, principal=null
The user didn't login, of course. Why should he -- everyone has
read-only access, so a login page is inacceptable. I didn't see a way
to specify a default user in Tomcat (something like tomcat,
pwd=tomcat) to set it to the guest role in JBoss. I also didn't see a
way to specify guest access to anyone in the deployment descriptor of
the beans. I think it's a bad idea to create a login context within
JBoss. So what else can I do?
Is it possible that the simpliest kind of security (besides no
security at all) is impossible to realize? All I try to do for four
days is to grant read-only access to anyone and read/write access to
administrators.
And please, somebody answer! I *never* got an answer in this
group. And before you tell me RTFM: I read the FM more than once, if
it's somewhere there, please tell me where it is.
Sorry about this post, but I'm getting really annoyed about trying to
do something that simple for 4 days, 10 hours a day, without any
documentation, without any help from the mailing list, with incomplete
sources where I could look up some infos and with hours of browsing
the CVS repository trying to find a source file which is not included
in the distribution. I already destroyed several keyboards! ;-)
--
(o_ Raffael Herzog
//\ [EMAIL PROTECTED]
V_/_
May the penguin be with you!
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
