Hallo!
I have a
JBOSS AS 4.3 web service application that has basic authentication using the 'UsersRolesLoginModule' configured using login-config.xml, web.xml, jboss-web.xml, user.properties etc. All authentication works fine till now!
The new 'unique' requirement (almost a reversal of the original requirement!!!) is that this authentication needs to be flag based! This is because the client may be delayed in getting the changes ready to invoke with username/password. Until then, we want the new changes to be deployed and "some configuration" on the server to switch OFF the authentication until the client is ready. When the client is ready, we switch the configuration ON. The idea is NOT to change the application ear!
In short, I would pass a null username and password, and it should go through. Tried the following ...
1. Setting '
unauthenticatedIdentity' property -- but it doesn't work!
2. Tried custom login module -- it doesn't get invoked when username and password is null!
3. Removing realm info from login-config.xml -- goes hunting for the defaultSecurityAuthentication i.e. defaultuser.properties
Interesting problem, and would like to know different views...
Regards
Jinu