tomee-users mailing list archives

From kuba44 <>
Subject Re: Bug in security TomEE
Date Fri, 06 Sep 2013 18:48:58 GMT
Authentication and authorization are two different things.
If you try to access a protected resource and you are not authenticated,
the server will ask for your username/password. After having you
authenticated, the server will check if your user is authorized to access
the requested resource. If you are not authorized, it will throw a 403
exception, but you will still be authenticated.

If, after having a 403, you can't access what you are supposed to have
access to, then we have an issue. :)
Is that it?

So, what should I do if I want to get to a protected resource when I'm
authenticated only as user and I want to get authorized as admin? Do I have to
log out and log in again?
