Re: CORBA and GSSUP fix -- please review

2006-02-13 Thread Jeppe Sommer (Trifork)
The [EMAIL PROTECTED] form is also what we use in the Trifork Server/ORB... Andy Piper wrote: At 03:51 PM 2/10/2006, Aaron Mulder wrote: Just to be clear, I'm talking about GSSUP authentication (where the client sends a token containing a username and password and an encoded domain name) not

Re: CORBA and GSSUP fix -- please review

2006-02-10 Thread Jeppe Sommer (Trifork)
According to the CORBA 3.0.3 spec (and I believe the original CSIv2 spec says the same): Scoped-Username GSS Name Form The scoped-username GSS name form is defined as follows, where name_value and name_scope contain a sequence of 1 or more UTF8 encoded characters. scoped-username ::=

Re: Question about web app login, user principal, and authentication

2006-01-09 Thread Jeppe Sommer (Trifork)
Greg, I agree that there is an amount of implementation freedom wrt. when getUserPrincipal can be expected to return non-null depending on the caching strategy of the container, at least when using basic login. However, with form based login (which, in my experience, is by far the most

Re: Question about web app login, user principal, and authentication

2006-01-06 Thread Jeppe Sommer (Trifork)
The servlet 2.4 spec, section 12.7 states: A security identity, or principal, must always be provided for use in a call to an enterprise bean. The default mode in calls to enterprise beans from web applications is for the security identity of a web user to be propagated to the EJB™