-
1. Re: CallerIdentityLoginModule: where get credentials?
starksm64 Sep 14, 2004 11:46 AM (in response to yuriyg)The credentials come from the calling components security context. Describe the call sequence in detail if you want help in drilling down into what is going on. You can create a bug report on sourceforge if you have an example you think that should be working:
http://sourceforge.net/tracker/?group_id=22866&atid=376685 -
2. Re: CallerIdentityLoginModule: where get credentials?
yuriyg Sep 14, 2004 12:40 PM (in response to yuriyg)I created a bug report.
https://sourceforge.net/tracker/index.php?func=detail&aid=1028029&group_id=22866&atid=376685
I don't think there's more details. Just the same method works from the first web page and don't work from the second one. Nothing specific at these pages. Just calls. -
3. Re: CallerIdentityLoginModule: where get credentials?
yuriyg Sep 15, 2004 5:18 AM (in response to yuriyg)Hmm... So, if I understood you correctly (and actually I tried it and it works) I should set LoginContext at each web page? Then question is why? It's not quite obvious, you know, a ejbean used login context the first time and then I use the same bean but context could be different? It's a great overhead flexibility or there is a reason behind that?
-
4. Re: CallerIdentityLoginModule: where get credentials?
starksm64 Sep 15, 2004 10:05 AM (in response to yuriyg)Why should an arbitrary LoginContext done in one thread of a web application subsequently affect all other pages in the web app? If that is what you want, use the container's declarative security model to establish the security context that will be used for the servlet and any secured resources access as part of the servlet implementation. Ues of the the LoginContext to do this is a fine grained, request specific mechanism.