Hi,
From the J2EE spec I understand that the servlet container is
responsible for its own security. When the user request crosses the
servlet container boundary there has to be a mapping between the EJB
container and the servlet container, and the EJB container will manage
its own security. Now the servlet container development and EJB
container development are being done at different places by different
people. We have to wait and see if both these developments will use a
common standard, e.g. using JAAS to implement the security realms for
authentication. I guess a different implementation of JAAS to do what
Weblogic is doing is possible.
I think this subject needs to be discussed more to hash out the
design issues.
PKD
roman seidl wrote:
>
> Hello Rickard,
>
> Maybe one should have a look at the way Weblogic handles security.
>
> http://www.weblogic.com/docs51/classdocs/API_acl.html
>
> shows how BEA implemented an ACL security scheme for their application
> server.
>
> It manages users, groups and ACLs in a "security realm". There are
> several security realms implemented in Weblogic like LDAP, NTusers,
> UnixUsers or RDBMSRealm.
>
> The scheme allows for mapping of ACLs to types and to instances.
> Instances are mapped by their JNDI names.
>
> It is mainly used to protect Weblogic's integrated services (JDBC
> connection pools, JNDI resources,...). One can use the ACL security
> scheme by implementing your own security checks by calling the
> Security API and asking for a permission.
>
> I don't think that this really is a useful approach as it does not in
> any way integrate with EJB security.
>
> What I like about the concept is that you are able to map ACLs on a
> type and instance level. I think defining an abstract concept of how
> the role is assigned to the Principal and then implementing a
> system that allows not only for type but also for instance mapping
> of security roles to users/groups would be enough to allow just any
> security scheme one could think of.
>
> mfg
> roman
> --
> -------------------------------------------------------------------
> Roman Seidl Design & Development
> -------------------------------------------------------------------
> Public Voice Lab Operngasse 24, A-1040 Vienna
> Tel.: +43-1-585 22 80/23 Fax: +43-1-585 22 80/99
> e-mail: [EMAIL PROTECTED] web: www.pvl.at
> -------------------------------------------------------------------
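
The type-level and instance-level ACL mapping discussed in the quoted message, as an added example that is not part of the thread and is not WebLogic or JBoss code. The class, the "type:"/"instance:" key prefixes, the permission name and the rule that an instance ACL replaces the type ACL are all assumptions made for illustration.

```java
import java.util.*;

/** Added sketch: ACLs keyed by resource type or by JNDI instance name (hypothetical class). */
public class RealmAclSketch {
    // ACL key -> permission -> principals (users or groups) holding it.
    private final Map<String, Map<String, Set<String>>> acls = new HashMap<>();
    // user -> groups, as a security realm (LDAP, RDBMS, ...) would supply them.
    private final Map<String, Set<String>> groups = new HashMap<>();

    void addToGroup(String user, String group) {
        groups.computeIfAbsent(user, k -> new HashSet<>()).add(group);
    }

    void grant(String aclKey, String permission, String principal) {
        acls.computeIfAbsent(aclKey, k -> new HashMap<>())
            .computeIfAbsent(permission, k -> new HashSet<>()).add(principal);
    }

    /** Assumed precedence: an instance ACL, when one exists, replaces the type ACL. */
    boolean isPermitted(String user, String type, String jndiName, String permission) {
        Map<String, Set<String>> acl = acls.get("instance:" + jndiName);
        if (acl == null) acl = acls.get("type:" + type);
        if (acl == null) return false; // no ACL at either level: deny by default
        Set<String> allowed = acl.getOrDefault(permission, Collections.emptySet());
        if (allowed.contains(user)) return true;
        for (String g : groups.getOrDefault(user, Collections.emptySet()))
            if (allowed.contains(g)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: users, groups, resource type and JNDI names are made up.
        RealmAclSketch realm = new RealmAclSketch();
        realm.addToGroup("alice", "developers");
        realm.addToGroup("bob", "payroll");
        realm.grant("type:jdbc.connectionPool", "reserve", "developers");
        realm.grant("instance:jdbc/payrollPool", "reserve", "payroll");
        String type = "jdbc.connectionPool";
        // A pool with no instance ACL falls back to the type-level ACL.
        System.out.println(realm.isPermitted("alice", type, "jdbc/testPool", "reserve"));
        // The instance ACL on the payroll pool narrows access to the payroll group.
        System.out.println(realm.isPermitted("alice", type, "jdbc/payrollPool", "reserve"));
        System.out.println(realm.isPermitted("bob", type, "jdbc/payrollPool", "reserve"));
    }
}
```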