In most web applications, a user who doesn't have a user record simply has to
register to get a user record. When a web application is first initialized, it
doesn't matter that there are no user records, as the operation to create a
user is unrestricted.
However, in other applications, only users with specific authorization rights
can create other user records. So, when an application is first initialized,
if there are no users, then no one can do anything.
So, somehow you have to get that first user into the database. This isn't
really EJB specific, but I'm sure some people have run into this situation.
What are reasonable strategies for designing a solution for this?
Is it "reasonable" to just have some manual JDBC code on the server side that
knows what the user table looks like and manually inserts a login record?
Is it "reasonable" to create a method with no access restrictions which takes a
password, and which does manual authentication, and then creates the initial
login record?
--
===================================================================
David M. Karr ; Best Consulting
[EMAIL PROTECTED] ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
