The only supported way currently is to do a JAAS login with a login module
configuration that establishes your notion of a guest user. The guest username
and password are something that has to make sense when validated against
the security domain you have assigned the EJBs to.

An unsupported way to do this is to call:

    org.jboss.security.SecurityAssociation.setPrincipal(
        new org.jboss.security.SimplePrincipal("guest"));
    org.jboss.security.SecurityAssociation.setCredential("guestPassword".toCharArray());

prior to calling the EJB. The guest principal and credential will still be
validated against the security domain setup of the EJB.

I have it on my todo list to add support for defining the unauthenticated user
info but I don't know when it will be completed.

----- Original Message ----- 
From: "Raffael Herzog" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 9:14 AM
Subject: Re: [JBoss-user] Guest user


> Raffael Herzog <[EMAIL PROTECTED]> wrote:
> 
> > Is it possible to grant guest access to any user without any
> > authentication when using JAAS security (a default user)? If yes,
> > how? If no, what's the best method to grant anyone access to the
> > beans from within the embedded Tomcat? Create a login context in the
> > dispatching servlet(s)?
> 
> OK, I'll try it again: How can I set a user within Tomcat? Now I get
> the following exception, if I try to access any of the beans from
> within Tomcat:
> 
>   Authentication exception, principal=null
> 
> The user didn't login, of course. Why should he -- everyone has
> read-only access, so a login page is unacceptable. I didn't see a way
> to specify a default user in Tomcat (something like tomcat,
> pwd=tomcat) to set it to the guest role in JBoss. I also didn't see a
> way to specify guest access to anyone in the deployment descriptor of
> the beans. I think it's a bad idea to create a login context within
> JBoss. So what else can I do?
> 
> Is it possible that the simplest kind of security (besides no
> security at all) is impossible to realize? All I try to do for four
> days is to grant read-only access to anyone and read/write access to
> administrators.
> 
> And please, somebody answer! I *never* got an answer in this
> group. And before you tell me RTFM: I read the FM more than once, if
> it's somewhere there, please tell me where it is.
> 
> Sorry about this post, but I'm getting really annoyed about trying to
> do something that simple for 4 days, 10 hours a day, without any
> documentation, without any help from the mailing list, with incomplete
> sources where I could look up some infos and with hours of browsing
> the CVS repository trying to find a source file which is not included
> in the distribution. I already destroyed several keyboards! ;-)
> 
> 
> -- 
>     (o_     Raffael Herzog
>     //\    [EMAIL PROTECTED]
>     V_/_
> May the penguin be with you!
> 
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
> 


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
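
The supported approach from the reply above (a JAAS login that supplies a fixed guest identity without prompting the visitor), as an added example that is not part of the original thread or of JBoss. DemoModule and the "guest-login" entry name are hypothetical stand-ins so the code runs offline; in a real deployment the configuration entry names the login module used for the EJBs' security domain, which still validates the guest credentials.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class GuestLogin {
    // Constructed guest identity; the security domain should map it to a read-only role only.
    static final String USER = "guest";
    static final char[] PASS = "guestPassword".toCharArray();

    // Hypothetical stand-in for the real login module, so the example runs offline.
    public static class DemoModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String name;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user");
            PasswordCallback pc = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            if (!USER.equals(nc.getName()) || !Arrays.equals(PASS, pc.getPassword()))
                throw new FailedLoginException("guest credentials rejected");
            name = nc.getName();
            return true;
        }
        public boolean commit() { return subject.getPrincipals().add(() -> name); }
        public boolean abort() { return true; }  public boolean logout() { return true; }
    }

    // Logs in with the fixed guest credentials; call once before the first EJB invocation.
    static Subject loginAsGuest() throws LoginException {
        Configuration conf = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String app) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler guest = callbacks -> {   // answers the module's callbacks without a login page
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(PASS);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("guest-login", null, guest, conf);
        lc.login();   // throws LoginException if the module rejects the guest identity
        return lc.getSubject();
    }
    public static void main(String[] args) throws LoginException {
        System.out.println("logged in as " + loginAsGuest().getPrincipals().iterator().next().getName());
    }
}
```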
