Hi,

Trying to get a custom login through a JAAS LoginModule.

Got the authentication to work (confirmed through println()), but get back an HTTP unauthorized error in the browser. Gets to the commit() of LoginModule, where I add a "Principal" based on the one "role" defined in Tomcat's web.xml ... same as SampleLoginModule example.

How does authorization work in general once you have an authenticated user?

Ideally, don't want to list any users or roles in *any* Tomcat config file. Possible?

Thanks

Background Info
===============
1) Have a <security-constraint> in web.xml
2) Also have an <auth-constraint>, with one role
3) This role is also listed in <security-role>