-
1. Re: Accessing secure beans from unsecure JSP
ko5tik Oct 15, 2001 11:15 AM (in response to mmills)AFAIK, null principal is no longer problem of barfing.
I use special role "nobody" for this puprose,
and login module which gives role "nobody" for
every user authenticated or not.
BTW, some login modules have parameteer which allows assigment of certain role to unauthenticated users.
AFAIK, "unchecked" permission exists for EJB2.0 only. -
2. Re: Accessing secure beans from unsecure JSP
mmills Oct 16, 2001 10:48 AM (in response to mmills)Thanks for your reply, however I am getting the principal=null exception.
Has this been fixed in a newer release of JBoss? I am using 2.4.3.
Did you create a new login module or use an existing one? When you say "some login modules have parameter..." which ones and how is that used? -
3. Re: Accessing secure beans from unsecure JSP
starksm64 Oct 18, 2001 12:42 AM (in response to mmills)Use the unauthenticatedIdentity option to set what
principal name user's without login credentials will
be mapped to:
login-config {
org.jboss.security.auth.spi.DatabaseServerLoginModule required
dsJndiName="java:/DefaultDS"
principalsQuery="select Password from Principals where PrincipalID=?"
rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
unauthenticatedIdentity=nobody
;
};