Hi,
I had a similar issue, what about using groups instead of principals?
<security-role-mapping>
<role-name>allauthenticated</role-name>
<group-name>your-group1</group-name>
<group-name>your-group2</group-name>
...
</security-role-mapping>
Then you require "allauthenticated" in you web.xml, this mean all the
user will be able to use it only after a successful login (you don't
need a "none" role)
<auth-constraint>
<role-name>allauthenticated</role-name>
</auth-constraint>
Still, I think that the authenticated and notauthenticated roles should
be provided by JavaEE - the more I go further in my understanding of
this technology, the more I realize that really obvious use cases has
been completely ignored.
Piero
glassfish_at_javadesktop.org wrote:
>> and listing every principal is... well... a joke right?
>>
> After i wrote the reply i started digging for wildcard support and figured out that it doesn't work in p2r mapping..
>
> Maybe you can file an issue and we can investigate the feasibility.. Will it suffice if we support wildcard to mean all authenticated principals in p2r mapping.
>
> Thanks.
> [Message sent by forum member 'kumarjayanti' (kumarjayanti)]
>
> http://forums.java.net/jive/thread.jspa?messageID=242314
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>