[jboss-user] Authentication with credentials and without for the same URL

Tim Terlegård tim.terlegard at gmail.com
Fri Sep 24 07:35:10 EDT 2010

I would like JBoss AS to handle authentication, but I would like to
handle the authorization programmatically.

If a client passes username/password I would like JBoss to
authenticate this request and pass the principal+roles to the servlet.
If the client doesn't pass any credentials I would still like the
servlet to be invoked but without any principal or roles. How can one
do this?

If I don't have any <security-constraint> in web.xml it doesn't seem
like authentication is triggered. I don't get any principal in my
servlet. If I have a <security-constraint> I must supply a role and
that won't work for unauthenticated users. Is there a way to trigger
authentication without having a <security-constraint> in web.xml?


More information about the jboss-user mailing list