Yeah that is a serious problem, we need Session based authentication.
marcf
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of Greg
|Wilkins
|Sent: Monday, February 25, 2002 4:31 PM
|To: [EMAIL PROTECTED]; jules
|Subject: [JBoss-dev] Security problem in
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish
the authentication and the Valve limits the scope of the information
to the duration of the request. The thread of control returns to
the Catalina pool with no thread local
OK,
I see what they are doing and will add a call to
SecurityAssociation.setPrincipal(null)
after each request.
Scott M Stark wrote:
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish
the authentication and the
Scott M Stark wrote:
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish
the authentication and the Valve limits the scope of the information
to the duration of the request. The thread of control returns to
the Catalina
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 25, 2002 6:48 PM
Subject: Re: [JBoss-dev] Security problem in authentication model.
Scott M Stark wrote:
This is why the Catalina security integration implements both
the Realm and Valve interfaces. The Realm callbacks establish