I still do not understand how we can get this feature request of delegating all authorization decisions(of course based on some configuration) including those for unsecured resources to a JACC policy provider.
The issue is simple: if there are no Security Constraints defined in the web app, no tomcat authenticators are installed for the web app. If there are no authenticators, then the question of realm does not arise. If you secure part of your web app with security constraints, then an authenticator gets installed. In that case, we will be able to delegate to a jacc provider even for the set of resources that are not secured. I need to test this though. But if we want configuration that will allow requests to pass thru a realm->JACC provider even when the web app is totally void of constraints, then I do not know how to do this. Is my understanding right or am I assuming something wrong? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3939975#3939975 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3939975 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
