How can I make TomCat to use some kind of default user for unrestricted accesses ? I have a working JBoss+Tomcat combo. I use JAAS with a custom login module. I can create some JSP files and restrict access rights for them in the web.xml. That way only authenticated users can access them and the security context is propagated down to EJBs. That works fine as long as the JSP is access restricted to some role. But unprotected files of course don�t underlie any authentication and so EJB calls from inside them fail because of NullPointerException inside the EJBSecurityInterceptor. _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
