> Now I've received email from someone else saying that it is bad practice
> to dynamically and programmatically create new principals. But: if a
> principal == user account, and new users can come to my site at any time
> and effectively create new accounts for themselves, mustn't I be able to
> dynamically create new principals? And given that creating principals
> is a container-dependent operation, doesn't that mean that whatever it
> is that creates those principals (a Servlet of my own creation,
> perhaps?) is now no longer portable from container to container?
Yes.
Today there's only an API to lookup the stuff, whether its the J2EE
APIs, JAAS etc, but no way to create/delete it. So the creation
mechanism is non portable.
There's hint in the specs that CMP might be used to create/delete
principals. We've been using CMP that persist into LDAP to model the
user accounts, which are the principals you get back from the
authentication service. At least it's half portable.
Any ideas suggestions are more than welcome.
arkin
>
> > A role is the right to engage in some sort of operation. For example, a
> > 'teller' vs. 'branch manager', a 'user' vs. 'power user', a 'author' vs.
> > 'editor'.
>
> Yep.
>
> > The number of roles depends on the granularity of your application.
> > Maybe everybody is just a user, or you might have 'junior user', 'senior
> > user', 'super user' and 'god-of-all-users' (aka sysadmin :-) )
>
> Right.
>
> Cheers,
> Laird
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
