-
1. Re: problem with authentication domains
manos May 14, 2004 9:23 AM (in response to manos)Well the only solution we have found after two days ... was to create a dummy principal (invisible to anyone) with full privileges in the client side who does what JBoss guest was supposed to do....
-
2. Re: problem with authentication domains
starksm64 May 14, 2004 9:43 AM (in response to manos)Create a bug report on sourceforge with example ears which demonstrate this behavior please.
http://sourceforge.net/tracker/?group_id=22866&atid=376685 -
3. Re: problem with authentication domains
niox May 19, 2004 8:28 AM (in response to manos)Hello,
It seems this problem was related to the fact that Tomcat does not delete credentials(?) from a thread that served a request. Whenever a request required authentication things worked normally. If however a request did not require authentication, like in the case of a client site, the credentials from the last served request remained and confused the system.
This problem seems to have been solved in JBoss 3.2.3 when we tried it.
There are several posts in the Security & JAAS forum that describe this problem.
Nikos -
4. Re: problem with authentication domains
starksm64 May 21, 2004 11:02 AM (in response to manos)There has been a patch for the credential leak for jboss-3.2.1_tomcat-4.1.24.zip since 2003-05-04. patch description:
http://sourceforge.net/project/shownotes.php?release_id=157183
patch jar:
http://prdownloads.sourceforge.net/jboss/sa-valve-patch.jar?download -
5. Re: problem with authentication domains
manos Jun 7, 2004 8:33 AM (in response to manos)Sorry about that, just a test reply,.... απάντηση
-
6. Re: problem with authentication domains
manos Jun 7, 2004 8:40 AM (in response to manos)Sorry about that, just a test reply,.... απάντηση