[EMAIL PROTECTED] wrote:
Yes, that's correct. I am using http basic authentication, which means that
when a page get's rendered, the user is already authenticated and there is
no possiblity to re-show the login screen again, because the browser caches
the username and password.
I am not able to use form based login, because there are many applications
accessing my page, not only browsers, and it's a lot easier for applications
if there is http basic authentication instead of form based
authentication... (Just think about download managers)...
Oh yes, that makes perfect sense for you. I just wanted to make sure I
understood what you are doing. Of course as I read everyone's
descriptions, I am thinking about my own plans and I definately want to
use form-based authentication.
> @SecurityGuard(TypRoles.ADMIN)
> public AdminBean getAdminBean()
> {
> JsfSecurityManager.getCurrentInstance().check();
> }
>
Like I said, we haven't moved to the new Java yet. But okay, so the
annotation is labeling that this method should only be run by admins,
and it's the SecurityManager that is responsible for looking at the
annotation and deciding whether to continue?
Thanks for explaining!
(by the way, did you see my other reply to you yesterday?)
Regards,
Jeff Bischoff
Kenneth L Kurz & Associates, Inc.
