Re: Client side Access Controls

Thu, 8 Apr 1999 16:02:01 -0400 

Check out http://java.sun.com/security/jaas/index.html as these classes
will provide an Authentication and Authorization framework for a EJB
implementation (client or server side).

Thanks,
Anthony Nadalin
_______________________________

mailto:[EMAIL PROTECTED]



Rickard �berg <[EMAIL PROTECTED]> on 04/06/99 11:50:06 PM

Please respond to A mailing list for Enterprise JavaBeans development
      <[EMAIL PROTECTED]>

To:   [EMAIL PROTECTED]
cc:    (bcc: Anthony Nadalin/Austin/IBM)
Subject:  Re: Client side Access Controls





Hey

"Masters.Robert" wrote:
> I'm looking at implementing some form of access controls in the client of
my
> EJB based application. basically I want to restrict access to certain
parts
> of the application depending on who the user is.  I have looked into the
> jdk1.2 security model and this seems approriate. However, ny backend EJB
> server is running JDK117b. Is this a dangerous proposition? and how/what
> ways are access controls normally achieved within a java application?
>
> I'm currently using weblogic and have found the acl's for protecting
server
> side objects relatively usefull, my other option is to try and extend
this
> to the client. But being jdk1.1 based the weblogic stuff uses the 1.1
> security model :(

Java 2 does not support the notion of client identification. This is a
known issue as it is listed as a ToDo of the Security API.

EJB1.1 will probably propose some workaround to this, probably based on
Permissions.

/Rickard

--
Rickard �berg

Computer Science student@LiTH
@home: +46 13 177937
Email: [EMAIL PROTECTED]
Homepage: http://www-und.ida.liu.se/~ricob684

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to