"[EMAIL PROTECTED]" wrote : If that is really the extend of your web.xml security-constraint you have no authentication/authorization required.
That's right, it's more in there for completeness than anything else. In my sample application having the security sonstraint makes no difference. I'm still able to pull out the principal and credential from SecurityAssociation. I read the security faq and followed the advice to turn up the logging. It looks like the principal and credential aren't being set at all in SecurityAssociation in the application that I'm porting to JBoss. Thanks View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3889265#3889265 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3889265 ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
