Does anyone know if and where the source for the jboss.org site resides? The old site is in cvs, but I can't find the site.
I am asking because I see that the jboss site does what I need to do, and I can't a) figure it out or b) find anyone with the answers to my questions.
The jboss forums site allows a public user to view the forums, but then once logged in, the same pages exist but with extra fields available. Also, a cookie is set and then honoured when I return to the site (presumably authenticating my session).
It is obvious that in an unsecured web app or zone a servlet calling request.getUserPrincipal() and request.getRemoteUser() returns null. In a secured zone, the principal user is set.
My core questions are:
a) I know I can set the unauthenticated principal in the ejb layer, but can I do the same for the web layer?
b) if I secure the whole webapp and use roles to distinguish between public and private areas - how do I allow the servlets/filters to be called before the j2ee security is fired?
c) how do I authenticate a returning user to the web site? (This is a derivative of the previous two questions.)