1. Re: Authentication exception principal =null when I dont wan
msmckibben May 20, 2003 2:14 AM (in response to rshinde)
Did you ever find a solution to this problem? I have exactly the same problem with 3.2.
The only hack/workaround is to have an adapter layer between my clients that log into JAAS with the JBoss client-adapter. I shouldn't have to perform a login for unchecked method permissions!
2. Re: Authentication exception principal =null when I dont wan
zorzella May 21, 2003 4:42 PM (in response to rshinde)
I'm also interested in the topic. All my attempts to have unchecked methods seem to fail.
Another related issue is that I wanted to query the DB through an (unchecked) EJB to get the username/password info, but that results in an infinite loop, because the security interceptor is calling my Login handler even for this unchecked method.
Any info is appreciated. Thanks,
Zorzella
3. Re: Authentication exception principal =null when I dont wan
zorzella May 22, 2003 1:25 PM (in response to rshinde)
I found the reason for that. The "unchecked" flag relates to authorization, not authentication. In other words, any authenticated user, regardless of role, may execute it, but non-authenticated users can't. I, personally, think that is just silly -- a gross oversight -- but that is what all the docs seem to imply. Check the dtd at http://java.sun.com/dtd/ejb-jar_2_0.dtd:
*********
The method-permission element consists of an optional description, a list of security role names or an indicator to state that the method is unchecked for authorization, and a list of method elements.
*********
Note the use of the word authorization, rather than authentication.
Zorzella
4. Re: Authentication exception principal =null when I dont wan
juhalindfors May 24, 2003 3:35 AM (in response to rshinde)
See the unauthenticatedIdentity property in the JBoss security docs, I think that's what you're looking for.
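
The two points made in this thread, put together as an added configuration example (not posted by any participant and not taken from the JBoss distribution): `<unchecked/>` removes the role check, and the login module's `unauthenticatedIdentity` option gives credential-less callers a principal so authentication no longer fails with a null principal. The bean name, domain name, file locations and the `guest` identity are assumptions chosen for illustration.

```xml
<!-- META-INF/ejb-jar.xml (fragment): no role check on this bean's methods.
     "PublicLookupBean" is a hypothetical bean name. -->
<assembly-descriptor>
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>PublicLookupBean</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>

<!-- META-INF/jboss.xml (fragment): bind the deployment to a security domain.
     "example-domain" is a hypothetical domain name. -->
<jboss>
  <security-domain>java:/jaas/example-domain</security-domain>
</jboss>

<!-- conf/login-config.xml (fragment): callers that present no credentials
     are assigned the principal "guest" (constructed value) with no roles,
     so they pass authentication but only reach <unchecked/> methods. -->
<application-policy name="example-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Methods restricted to named roles still reject the `guest` principal, so `<unchecked/>` should stay only on methods that are meant to be callable without a login.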