I would like to give unregistered user acces to my webapp. therefore I would like to to create an user (guest) with the role guest. This is already done.
but now there's a problem:
because I've stored the role in the db, I have to login the guest-user automatically as a user with the guest-role. Therefor I would like to write a GuestLoginServlet, which only authorized this user as guest, that the method:
isUserInRole("guest") return true!
But how should I do that?
(by the way, I've got a solution with constraints in the web.xml, but that could'nt be the right solution).
Is there a possibility to login a user in a servlet? or can I determine a default role, which a not authorized user has? and where do I have to determine this role and has this role to exist in the db?
my login-config.xml looks as following:
<application-policy name = "adminDomain">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name = "dsJndiName">java:/DefaultDS</module-option>
<module-option name = "principalsQuery">select password from users where login=?</module-option>
<module-option name = "rolesQuery">select role, 'Roles' from roles where login=?</module-option>
Thank a lot for any hints...
We support the notion of a default user that has no roles, but not one that has a default role. You would have to write your own custom login module that viewed the principal=null, credential=null anonymous user as one that should be given a principal with a name of guest, and a role of guest.