Karr, David wrote:
Are you using basic auth, or form auth? I would use form auth, but I don't know that it would make a difference.
You may have to secure the entire application with a role that all users will be guaranteed to have.
-----Original Message-----
From: Daniel Massie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 4:58 PM
To: Struts Users Mailing List
Subject: Re: JAAS and roles attribute of logic:present
If I firstly go to a secured area, I am redirected to the login page. I log in, get sent to my original request (secure area). If I then go immediately to an unsecure area, there is no principal or subject (both null).
If I go to the unsecured area without an existing session, there is also no principal or subject (both null) as expected.
Daniel
Karr, David wrote:
I'm not sure what problem you're having. Are you sayingthat after you
specify your login when accessing a secured area, you thenimmediately
(before session timeout) access an unsecured area that checkssurprised
"role=admin" and thinks you don't have that role (I would be
if it did that)? Or is your first access (without anexisting session)
to the unsecured area? If that's the case, then theredefinitely won't
be an existing principal. Did you think there would be?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Daniel Massie http://www.dmassie.org.uk http://jbay.dmassie.org.uk
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
