Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » J2EE Pattern »

Re: Using LDAP roles for EJB security

Deb, Abhijit

2004-12-30


A separate application (within your own application) should be written to
synchronize LDAP and EJB security descriptions. Every time a user is added,
her roles should be added to the LDAP and EJB xml files at the same time.
This application would not be trivial.

-Abhijit


> -----Original Message-----
> From: An interest list for Sun Java Center J2EE Pattern Catalog
> [mailto:J2EEPATTERNS-INTEREST@(protected)
> Sent: Monday, December 27, 2004 12:17 PM
> To: J2EEPATTERNS-INTEREST@(protected)
> Subject: Using LDAP roles for EJB security
>
> All-
> Below is the scenario
>
> Application Server : Weblogic 8.1
> Webserver: Iplanet
> Security: Siteminder (SSO) with LDAP
>
> All users information with their designated roles in the business is
> available in ldap(got user group like
> supplier,vendor,customer,contractors etc). Siteminder authentication
> always done against ldap.
>
> Now I am designing couple of ejb's where I need to provide method
> level security based on the user roles. I know that is possible by
> defining these roles & users in Weblogic and control it through the
> ejb xml files.
>
> But my main issue is that in the above case, I need to duplicate the
> entries in weblogc which is really next to impossible and every time
> user's added in ldap, I need to update webllogic which is a
> maintanance head-ache.
>
> What I really looking is somehow I can map the EJB required roles to
> LDAP roles in a better way.
>
> Ur suggestions are really valuable
>
> *****************************
> Ranjeeth kumar,
> *************************************
>
> ====================================================================
> Companion Site: http://www.corej2eepatterns.com
> J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
> List Archive: http://archives.java.sun.com/archives/j2eepatterns-
> interest.html
> Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to
> listserv@(protected)
====================
This email/fax message is for the sole use of the intended recipient(s) and
may contain confidential and privileged information. Any unauthorized
review, use, disclosure or distribution of this email/fax is prohibited. If
you are not the intended recipient, please destroy all paper and electronic
copies of the original message.

====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to listserv@(protected)
©2008 junlu.com - Jax Systems, LLC, U.S.A.