Re: CORBA and GSSUP fix -- please review

2006-02-13 Thread Jeppe Sommer (Trifork)
The [EMAIL PROTECTED] form is also what we use in the Trifork Server/ORB... Andy Piper wrote: At 03:51 PM 2/10/2006, Aaron Mulder wrote: Just to be clear, I'm talking about GSSUP authentication (where the client sends a token containing a username and password and an encoded domain name) not

Re: CORBA and GSSUP fix -- please review

2006-02-10 Thread Jeppe Sommer (Trifork)
According to the CORBA 3.0.3 spec (and I believe the original CSIv2 spec says the same): Scoped-Username GSS Name Form The scoped-username GSS name form is defined as follows, where name_value and name_scope contain a sequence of 1 or more UTF8 encoded characters. scoped-username ::=

Re: Question about web app login, user principal, and authentication

2006-01-09 Thread Jeppe Sommer (Trifork)
to reauthenticate repeatedly, I don't think that it is commonly expected that a user is immediately kicked out of live login sessions if the sysadm changes the password (talking IT systems in general). Cheers, Jeppe Greg Wilkins wrote: Jeppe Sommer wrote: I think that it is possible to read from

Re: Question about web app login, user principal, and authentication

2006-01-08 Thread Jeppe Sommer
I think that it is possible to read from the servlet spec that getUserPrincipal should return the current principal for an unprotected resource. Take the following quote (servlet 2.4, section 12.10): Being logged in to a web application corresponds precisely to there being a valid non-null

Re: Question about web app login, user principal, and authentication

2006-01-06 Thread Jeppe Sommer (Trifork)
The servlet 2.4 spec, section 12.7 states: A security identity, or principal, must always be provided for use in a call to an enterprise bean. The default mode in calls to enterprise beans from web applications is for the security identity of a web user to be propagated to the EJB™