Greg, Jules, Luke! thx much for your replies. Indeed, the '*' role authentication constraint seems to match my issue very well if it also lets through null-authenticated/credential calls ...
If I can help to patch SecurityHandler (jetty4 or backport to jetty3, perhaps), please let me know. Otherwise, I would be glad if you could send me a notification when it is available ... Thnx much, CGJ -----Ursprüngliche Nachricht----- Von: Greg Wilkins [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 31. Januar 2002 01:31 An: Luke Taylor Cc: 'Jboss-Development ([EMAIL PROTECTED])'; [EMAIL PROTECTED] Betreff: Re: [jetty-discuss] Re: [JBoss-dev] Jetty3.1.5, Axis & Basic Authentication Problem Luke, I stand corrected. It is the '*' role behaviour that should be used. The lack of any role means no access. I knew the 2.3 spec had defined both these cases, but got them mixed up. Jetty4 will definitely support this style of security constraint soon. I think Jetty3 can also be made to support this without breaking any existing code (but I'll think about this a bit more before changing this). thanks Luke Taylor wrote: > Greg Wilkins wrote: > > > Cristoph, > > > > Eitherway, you do not want the semantics of NONE, you want the user > > to be authenticated, but you do not care what group they are in. > > > Again, Jetty has an extension to the spec to support this. All users > > are in the role org.mortbay.http.User. However this is implemented > > in the HashUserRealm which is not used by JBoss. > > > > So for now, you must define a role that all your JBoss users are in > > and specify an AuthConstraint for that role. > > Hi Greg, > > Wouldn't this be the same as using "*" for the role-name? I had a > brief > look at the servlet 2.3 spec before replying previously and that's the > syntax it uses for "all roles". So it should then perform authentication > and allow any user who has a role recognised by the application. > > Luke. -- Greg Wilkins<[EMAIL PROTECTED]> GB Phone: +44-(0)7092063462 Mort Bay Consulting Australia and UK. Mbl Phone: +61-(0)4 17786631 http://www.mortbay.com AU Phone: +61-(0)2 98107029 _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
