Assaf Arkin wrote:
> Principals typically (not just, but mostly) represent your users. Of
> course you can put many users on the same account (e.g. anonymous) or
> have multiple accounts for the same user (say, one for EJB, one for
> e-mail, etc), but generally a principal == user account.
Good; that's what I've always thought.
Now I've received email from someone else saying that it is bad practice
to dynamically and programmatically create new principals. But: if a
principal == user account, and new users can come to my site at any time
and effectively create new accounts for themselves, mustn't I be able to
dynamically create new principals? And given that creating principals
is a container-dependent operation, doesn't that mean that whatever it
is that creates those principals (a Servlet of my own creation,
perhaps?) is now no longer portable from container to container?
> A role is the right to engage in some sort of operation. For example, a
> 'teller' vs. 'branch manager', a 'user' vs. 'power user', an 'author' vs.
> 'editor'.
Yep.
> The number of roles depends on the granularity of your application.
> Maybe everybody is just a user, or you might have 'junior user', 'senior
> user', 'super user' and 'god-of-all-users' (aka sysadmin :-) )
Right.
Cheers,
Laird