aylor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 25, 2002 6:48 PM
Subject: Re: [JBoss-dev] Security problem in authentication model.
> Scott M Stark wrote:
> > This is why the Catalina security integration implements both
> > the Realm and
Scott M Stark wrote:
> This is why the Catalina security integration implements both
> the Realm and Valve interfaces. The Realm callbacks establish
> the authentication and the Valve limits the scope of the information
> to the duration of the request. The thread of control returns to
> the Catal
OK,
I see what they are doing and will add a call to
SecurityAssociation.setPrincipal(null)
after each request.
Scott M Stark wrote:
> This is why the Catalina security integration implements both
> the Realm and Valve interfaces. The Realm callbacks establish
> the authentication and the
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish
the authentication and the Valve limits the scope of the information
to the duration of the request. The thread of control returns to
the Catalina pool with no thread local a
Yeah that is a serious problem, we need Session based authentication.
marcf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of Greg
|Wilkins
|Sent: Monday, February 25, 2002 4:31 PM
|To: [EMAIL PROTECTED]; jules
|Subject: [JBoss-dev] Security problem in
