Assaf Arkin wrote:
> > Four: if, for any of the above reasons, I end up with a proprietary form-based
> > authentication, not declarative, how do I set the user principal by myself? This
> > is necessary, because I still want to know the roles this principal is
> > associated with; I still want to pass this principal to the EJB calls, etc.
>
> The spec does not define a way to do that, yet.
>
> > Five: if I still want to use the declarative form-based authentication, but also
> > want the users to be able to enroll themselves (choose a user ID and password),
> > how can I insert a new user in the user database and map him to some roles?
>
> The spec definitely does not define that. You need to use some
> proprietary mechanism to add/remove users which is compatible with what
> you use to authenticate them.
>
> (I know. It sucks big time. You are not the first to say "well, how do I
> update this thing?")

Glad to hear I'm not the only one.  :-)  This is exactly the same
problem that I've been boring the list with for weeks now.

Is it just my imagination or...well, I don't want to slam on the people
responsible for the specification--I understand it's a hard thing to get
right--but in my mind, when you write a specification for *reading* a
particular object/string/etc. then you are obligated at the same time to
write the specification for *writing* that same object/string/etc.  So
if the specification mandates a getCallerPrincipal() call, then you as a
spec. writer must at least *address* the issue of the implied
setCallerPrincipal() call, even if it's to say, "We considered X
approach and Y approach and realized that these won't work.  Containers
must provide a well-documented way for setting the caller principal."
This specification (and the related Servlet specification) seem to be
missing this symmetry all over the place.

Cheers,
Laird

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
