1 Reply Latest reply on Sep 13, 2002 11:39 AM by moraelin

    Temporarily Grant Anonymous Access to Session/Entity

    jmejia424

      I am using STRUTS and have created a plugin. This plugin initializes when the .war is deployed. This plugin is used for caching. It accesses a Session and Entity Bean. Both the Session and Entity Beans have security defined.

      When the .war is deployed there is NO PRINCIPAL. Thus, the principal=null. I have used the unauthenticatedIdentity=nobody and have successfully gotten this to work for my service. However, when I do, the site never prompts for authentication because EVERYONE is of type NOBODY.

      Is there a way that I can temporarily grant access to the Plugin so that it initializes but then authorization is forced for everyone else hitting my site?

      How else could I accomplish the same thing?

        • 1. Re: Temporarily Grant Anonymous Access to Session/Entity
          moraelin

          I have no experience with Struts, and I don't know exactly how and what you're caching, so please don't mind if I say something stupid.

          But if I had a situation like that, the first thing to cross my mind would be: lazy initializing. I.e., don't actually initialize the cache until an actual request is served, and you have a good Principal. This is not just a work-around, it's also that I haven't actually encountered a situation where it makes that much sense to preload a cache. (Though that doesn't mean such situations can't exist.)

          The second thing that comes to mind is: client side login. JAAS isn't just for web-based login forms. Any stand-alone non-web piece of program (e.g. our JUnit tests for the EJBs) can create a LoginContext and a CallbackHandler with a hard-coded name and password, and log in through the normal ClientLoginModule. Your plugin should be able to do that, too.

          From the EJB's point of view, it's no different from a web-based login or any other kind of login. It's an authenticated call.