JBoss needs support for:
J2EE Spec 1.2, Section 184.108.40.206 Unauthenticated Users
Web containers are required to support access to web resources by clients that have not authenticated themselves to the container. This is the common mode of access to web resources on the Internet. A web container reports that no user has been authenticated by returning null from the
The EJB specification requires that the EJBContext getCallerPrincipal always return a valid Principal object. It can never return null. However, it's important that components running in a web container be able to call enterprise beans, even when no user has been authenticated in the web container. When a call is made in such a case from a component in a web container to an enterprise bean, a J2EE product must provide a principal for use in the call.
A J2EE product may provide a principal for use by unauthenticated callers using many approaches, including, but not limited to:
- Always use a single distinguished principal.
- Use a different distinguished principal per server, or per session, or per
- Allow the deployer or system administrator to choose which principal to use.
This specification does not specify how a J2EE product should choose a principal to represent unauthenticated users, although future versions of this specification may add requirements in this area.