JBoss 3.0.4 is actually bundled with Jetty 4.1.3.
In the meantime I faced a more serious problem. How can I have some area of the site (preferably the whole site) where request.getUserPrincipal() returns either null or the principal of the logged-in user WITHOUT securing this area? I mean I want to change the behaviour of the site depending on whether any user is logged in or not (e.g. show his/her name). I found out that with Jetty request.getUserPrincipal() returns the principal ONLY for areas secured with <auth-constraint>. Is that the supposed and correct behaviour?
Here is an excerpt from my web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Site</web-resource-name>
    <url-pattern>/</url-pattern>
  </web-resource-collection>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Page</web-resource-name>
    <url-pattern>/users/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>customer</role-name>
    <role-name>operator</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/main/login.html</form-login-page>
    <form-error-page>/main/login.html?badLogin=true</form-error-page>
  </form-login-config>
</login-config>
After the user is logged in, request.getUserPrincipal() returns null everywhere except inside /users/*.
-----Original Message-----
From: Greg Wilkins [mailto:gregw@xxxxxxxxxxx]
Sent: Sunday, December 08, 2002 19:29
To: jetty-support@xxxxxxxxxxxxxxx; Alexey Yudichev
Subject: Re: [jetty-support] Re: jetty servlet security model: are there any extensions?
Sounds about right for Jetty 3.0...
Give it a go!
ayudichev wrote:
> After looking at FormAuthenticator.java, I realized that
>
> 1) to forward to default page I need to set "org.mortbay.jetty.URI"
> session attribute before post to j_security_check
>
> 2) to logout I have to remove "org.mortbay.jetty.Auth" session
> attribute.
>
> Will above be 100% working and is this a correct way?
>
> --- In jetty-support@xxxxxxxxxxxxxxx, "ayudichev <alexey@xxxx>"
> <alexey@xxxx> wrote:
>
>> I use jboss 3.0.4 with jetty.
>>
>> Using form-based auth is it possible to:
>>
>> 1) specify "default" page, i.e. the page where jetty forwards after
>> direct post to /j_security_check (no previous request to restricted
>> area has been made). Or instead is it possible to programmatically
>> login the user? I need this to place login form on the homepage.
>>
>> 2) programmatically logout the user without destroying entire session
>
> For the latest information about Jetty, please see http://jetty.mortbay.org
--
Greg Wilkins<gregw@xxxxxxxxxxx> Phone/fax: +44 7092063462
Mort Bay Consulting Australia and UK. http://www.mortbay.com
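
One way to show the logged-in user's name on pages outside any <auth-constraint>, as an added example (not code from this thread or from Jetty), assuming the container supports Servlet 2.3 filters: a filter mapped to /* records the principal's name whenever a constrained URL is served and exposes it as a request attribute everywhere else. The class name and the attribute name example.displayUser are hypothetical; the value is for display only, and access decisions stay with the <auth-constraint> on /users/*.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: remembers who logged in so unconstrained pages can show it. */
public class DisplayUserFilter implements Filter {
    /** Hypothetical attribute name, used for both the session and the request. */
    public static final String DISPLAY_USER = "example.displayUser";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            HttpSession session = http.getSession(false); // never create a session here
            Principal p = http.getUserPrincipal();
            Object name = null;
            if (p != null) {
                // Constrained URL: the container authenticated this request.
                name = p.getName();
                if (session != null) session.setAttribute(DISPLAY_USER, name);
            } else if (session != null) {
                // Unconstrained URL: fall back to the name remembered earlier.
                name = session.getAttribute(DISPLAY_USER);
            }
            // Display hint only; never use it for an authorization decision.
            if (name != null) req.setAttribute(DISPLAY_USER, name);
        }
        chain.doFilter(req, res);
    }

    /** Call from the logout path, together with whatever ends the container login. */
    public static void forget(HttpSession session) {
        if (session != null) session.removeAttribute(DISPLAY_USER);
    }
}
```

If the logout path does not call forget(), the remembered name outlives the container login and pages keep showing a user who is no longer authenticated.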