On Wed, 2 Apr 2003 03:39, Jos Visser wrote: > Hi Brian, > > I looked into the matter and posted a somewhat longwinded mail with the > complete analysis. I reckon this analysis holds for your situation too. > Please check the mail in the mailing list. If you have any more > questions, please don't hesitate to contact me...
Hi Jos, I gather from your email to the list that you have solved your problem by explicitly authenticating each incoming request before it tries to access a bean. Do you store authenticiation info in the session context and then use that for subsequent authentication as required? My problem is pretty much the same as yours and now I have a better understanding of it. I think the random working/not working nature of it is due to my login action doing a LoginContext.login() call which uses our own custom LoginModule that sets the current SecurityAssociation principal and credential during the commit phase. So now the currentthread is authenticated and each time one of my requests happens to get that same thread it is authenticated correctly otherwise it fails. Of course a side effect is that other incoming requests probably get my authenticated thread sometimes and run as me. Nasty! I came across a paper describing a way of handling jaas authentication in a struts application at http://www.mooreds.com/jaas.html which I have found useful. It also has a good list of references at the end. I will probably use a subclassed ActionServlet to handle the re-instantiation of the user's security context on each request (and to remove it on completion of the request as well, most important!) thanks for your help, brian wallis... ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
