struts-user mailing list archives

From Navjot Singh
Subject [OT] JAAS behaviour
Date Wed, 30 Jun 2004 10:04:58 GMT

When we have a checked URI and we authenticate successfully, the
principal is available from the current request object. However, if we
navigate to an unchecked URL (I mean one with no security-constraint
imposed) then the principal is not available.

I thought that the JAAS implementations save the principal in
HttpSession after authentication. But NO. JBoss seems to save this
principal information *somewhere*, and if a web resource with a
security-constraint is asked for, it checks, retrieves and saves the principal
info in the request object.

Where does JBoss's JAAS impl store the authenticated principals and its
mapping with session ids? And why not just save it in the usual session?

Any insights?

Navjot Singh

Sign on Tombstone: "Here lies an atheist, all dressed up and nowhere to go."
