Reg Setting Security Context. 2003-08-25 - By fadly
Hi vikram,

JAAS actually can be performed for each layer, even down to each method. To utilize JAAS you can use the AppServer-provided UserManager, or create your own custom LoginModule.
Assume that you use the AppServer-provided one; what you must do to achieve your purpose at the EJB layer:

1) Provide user information, UserId and credentials in the User Repository, such as OID, Oracle Internet Directory (LDAP-type), in OC4J; or in JBOSS you can use the login module "org.jboss.security.auth.spi.DatabaseServerLoginModule" and use a database as your User Repository.
2) Specify the "role" in ejb-jar.xml, and map the role to a user group in the specific deployment descriptor, such as orion-ejb-jar.xml for OC4J. In JBOSS, just examine login-config.xml.
There are two possibilities after all the necessary setup is done:

a) an error when supplying a bad userId and/or password
b) the user has insufficient role to perform the target operation
For a): the AppServer will throw javax.naming.AuthenticationException: Invalid user/password ... Handle this exception properly and take proper action, such as printing an error message in the browser.

For b): the caller (user) doesn't have the role needed in order to perform the target operations. To check whether this user has a sufficient role, just call SessionContext.isCallerInRole(String RoleName). If true, just call the target operations.
Cheers,
--fadly
----- Original Message -----
From: "Vikram Naik" <deadly_naik@(protected)>
To: <J2EE-INTEREST@(protected)>
Sent: Monday, June 23, 2003 6:57 PM
Subject: Re: Reg Setting Security Context.
> Thanks for your reply.
>
> I have already tried that ... doesn't work!!!
>
> What I am trying to do is ... I have configured my Login Module on
> WebServer. After the user is authenticated and loaded with credentials,
> how to pass them to the App Server while looking up for the EJBs. I am using
> JBOSS as my App server .. want my user to be authenticated on webserver and
> simply pass on the credentials to the app server thru lookup process.
>
> Please comment.
>
> Regards,
> Vikram Naik
>
> ----- Original Message -----
> From: "Gautam Batra" <GautamBa@(protected)>
> To: <J2EE-INTEREST@(protected)>
> Sent: Monday, June 23, 2003 1:35 PM
> Subject: Re: Reg Setting Security Context.
>
> > Hi,
> >
> > java.naming.security.principal=admin
> > java.naming.security.credentials=welcome
> >
> > in jndi.properties which can be found in classpath OR
> >
> > Hashtable env = new Hashtable();
> > env.put(Context.SECURITY_PRINCIPAL, "admin");
> > env.put(Context.SECURITY_CREDENTIALS, "welcome");
> >
> > and pass it to get the initial context.
> >
> > regards,
> > Gautam
> >
> > ===========================================================================
> > To unsubscribe, send email to listserv@(protected) and include in the body
> > of the message "signoff J2EE-INTEREST". For general help, send email to
> > listserv@(protected) and include in the body of the message "help".