You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Navjot Singh <na...@net4india.net> on 2004/06/30 12:04:58 UTC
[OT] JAAS behaviour
Hi,
When we have a checked URI and we authenticate successfully, the
principal is available from current request object. However, if we
navigate to an unchecked URL (i mean with no security-constraint
imposed) then the principal is not available.
I thought that the JAAS implementations save the principal in
HttpSession after authentication. But NO. Jboss seems to save this
principal information *somewhere* and if web-resource with
security-constraint is asked for, it checks, retreive and save principal
info in request object.
Where does Jboss's JAAS impl store the authenticated principals and it's
mapping with session ids?? and why not just save it in usual session?
Any insights.
TIA
Navjot Singh
Sign on Tombstone: "Here lies an atheist, all dressed up and nowhere to go."
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org