On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
> That's the 2.3 and 2.4 specs btw.. the 2.2 doesn't have section 12.5
> and the authentication section is section 11..
>
> Anyhow without getting into all that cellar dwelling, I don't think
> that there's a restriction on the amount of security constraints you can
> configure along with login-configs.. Not sure whether you can have 2
> realms for 1 webapp in websphere, I'd imagine so..

On reflection this will be a big fat pain in the arse as the session
attribute used by the container is the subject or principal...
session.setAttribute(subject,subject).. or something like that. Having
2 realms even if theoretically possible would be a pain because your
secondary auth would overwrite the first.

If you wanted to restrict access to a service via a second login form,
if the user messed up this login it could invalidate his/her existing
login which could be behaviour you don't want. Even if you ensured that
the second login put all the bits and pieces from the first login, you
could find behaviour you don't want..

Mark

>
> Mark
>
> On 3/16/06, Frank W. Zammetti <[EMAIL PROTECTED]> wrote:
> > On Thu, March 16, 2006 2:26 pm, Caldarale, Charles R said:
> > >> From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
> > >> Subject: RE: Somewhat OT: Multiple auth methods in one webapp?
> > >>
> > >> Do you know, or does anyone else know, where the server
> > >> looks for the credentials when the challenge box has
> > >> been submitted?
> > >
> > > See section 12.5 of the Servlet spec (you probably have that memorized
> > > by now) and RFC 2617, which covers both Basic and Digest authentication
> > > for HTTP.
> >
> > Thanks Chuck, saves me the time to find it.
> >
> > But no, I'm not the guy that memorizes specs, that is very clearly Craig
> > McClanahan's title :)  The man's instant recall of spec is astounding!
> >
> > >  - Chuck
> >
> > Frank
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
