If you have access to a container which implements all the J2EE
functionality, the J2EE security services will provide all of this for you.
You can create an access control list which can be applied to both the
servlet and the EJB. The act of validation is then handled auto-magically
by the container. Once a user is authentic their credentials are propogated
between callers and access can be controlled in a coarse or fine grained
way.
Theres no need for you to roll your own, J2EE provides these services.
<vendor>
As a value add, EAServer even allows you to create your own custom
authentication and access control components that the server will delegate
to. In this way you can re-use alot of your beans you use for security now,
yet still use J2EE based security.
</vendor>
Dave Wolf
Internet Applications Division
Sybase
----- Original Message -----
From: "Sriram Krovvidi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 22, 2000 8:51 AM
Subject: login design issue
> Hi All,
> I have a design issue with to usage of servlets or EJB's.
>
> This is the scenario.
> I have two instances of app servers running say app1 and app2 each
connected
> to 2 different
> databases.
>
> when the user logs in initially, (login has separate database and unique
for
> both app1 and app2 )
> 1. user is validated
> 2. IP and the port where the app server is running are taken from the
dB.
> 3. the his user name is put in a session
>
> Once the user is validated, he is diverted to app1 or app2 depending on
the
> IP taken
> during the login.
>
> Can the login be designed with servlets or EJBeans ?
>
> Can somebody provide their thoughts (pro and cons) of using servlets or
> EJB's while designing
> the login ?
>
> If the login is designed using EJB's , can I pass the session from one app
> server instance to
> another app server instance ?
>
> Thank You,
> -Sriram
>
>
===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
