You don't need a seperate context root just for the checked vs unchecked because your two port-component-uri elements could be mapped to seperate security-contraint elements in the web.xml. For example:
| <jboss> | <session> | <ejb-name>BasicSecuredSLSB</ejb-name> | <jndi-name>ejb/BasicSecuredSLSB</jndi-name> | <port-component> | <port-component-name>BasicSecured</port-component-name> | <port-component-uri>/ws4ee-samples-ejb/BasicSecured</port-component-uri> | <auth-method>BASIC</auth-method> | <auth-constraint> | <description>Only authenticated users can access secure content</description> | <role-name>AuthenticatedUser</role-name> | </auth-constraint> | <transport-guarantee>NONE</transport-guarantee> | </port-component> | | <port-component> | <port-component-name>Unsecured</port-component-name> | <port-component-uri>/ws4ee-samples-ejb/Unsecured</port-component-uri> | <transport-guarantee>NONE</transport-guarantee> | </port-component> | </session> | | </jboss> | would map to a web.xml with a context root of /ws4ee-samples-ejb and the following security-constraint elements: | <web-app> | <security-constraint> | <web-resource-collection> | <web-resource-name>BasicSecured</web-resource-name> | <url-pattern>/BasicSecured/*</url-pattern> | </web-resource-collection> | <auth-constraint> | <description>Only authenticated users can access secure content</description> | <role-name>ExternalAuthUser</role-name> | </auth-constraint> | <user-data-constraint> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | | <security-constraint> | <web-resource-collection> | <web-resource-name>Unsecured</web-resource-name> | <url-pattern>/Unsecured/*</url-pattern> | </web-resource-collection> | <user-data-constraint> | <transport-guarantee>NONE</transport-guarantee> | </user-data-constraint> | </security-constraint> | | </web-app> | Only one port-component can specify an auth-method, or they have to be the same as there can only be one auth-method per web app. Having multiple forms of authentication for a single ejb is what would require multiple web deployments/context-roots. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3876461#3876461 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3876461 ------------------------------------------------------- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
