FYI, I did a little research... the 2.4 DTD states the affinity of the <login-config> element as ?, so you are allowed at most a single auth method. So, while you can of course configure as many constraints as you want, they all must share the same method, one per context. This means that, in answer to my original question, the only way I can do it if I want the Web Services to be in the same context is to write a filter to do basic auth.

Frank

Mark Lowe wrote:
On 3/17/06, Mark Lowe <[EMAIL PROTECTED]> wrote:
That's the 2.3 and 2.4 specs btw.. the 2.2 doesn't have section 12.5
and the authentication section is section 11..

Anyhow without getting into all that cellar dwelling, I don't think
that there's a restriction on the amount of security constraints you can
configure along with login-config's .. Not sure whether you can have 2
realms for 1 webapp in WebSphere, I'd imagine so..

On reflection this will be a big fat pain in the arse as the session
attribute used by the container is the subject or principal...
session.setAttribute(subject,subject).. or something like that. Having
2 realms even if theoretically possible would be a pain because your
secondary auth would overwrite the first.

If you wanted to restrict access to a service via a second login form,
if the user messed up this login it could invalidate his/her existing
login which could be behaviour you don't want. Even if you ensured that
the second login put all the bits and pieces from the first login, you
could find behaviour you don't want..

Mark

Mark

On 3/16/06, Frank W. Zammetti <[EMAIL PROTECTED]> wrote:
On Thu, March 16, 2006 2:26 pm, Caldarale, Charles R said:
From: Frank W. Zammetti [mailto:[EMAIL PROTECTED]
Subject: RE: Somewhat OT: Multiple auth methods in one webapp?

Do you know, or does anyone else know, where the server
looks for the credentials when the challenge box has
been submitted?
See section 12.5 of the Servlet spec (you probably have that memorized
by now) and RFC 2617, which covers both Basic and Digest authentication
for HTTP.
Thanks Chuck, saves me the time to find it.

But no, I'm not the guy that memorizes specs, that is very clearly Craig
McClanahan's title :)  The man's instant recall of spec is astounding!

 - Chuck
Frank

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
AIM: fzammetti
Yahoo: fzammetti
MSN: [EMAIL PROTECTED]
Java Web Parts -
http://javawebparts.sourceforge.net
Supplying the wheel, so you don't have to reinvent it!
