[jboss-user] [Security & JAAS/JBoss] - Using unauthenticatedIdentity for web applications

Wolfgang Knauf do-not-reply at jboss.com
Thu Dec 4 04:40:16 EST 2008


Sorry for re-posting, but the subject of my last post was broken...
 
Is there any way to use the "unauthenticatedIdentity" feature of "login-config.xml" for secured web applications?

I have a form based authentication, and even if I enter nothing in "j_username"/"j_password", this empty input seems to be interpreted as zero string login/password, but not as empty login.

For application clients, the NULL login works fine:
      AppCallbackHandler callbackHandler = new AppCallbackHandler(null, null);
  |       LoginContext loginContext = new LoginContext ("my_auth_conf", callbackHandler);
  |       loginContext.login();

Thanks

Wolfgang

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4194264#4194264

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4194264



More information about the jboss-user mailing list