Thanks for your reply. I have two follow up questions below.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Sandeep Dath
Sent: Friday, December 01, 2000 1:08 PM
To: jBoss Developer
Subject: RE: [jBoss-Dev]
Hi,
>Hi... I'm trying to migrate my existing application to JBoss
>from weblogic.
>Currently, I'm using RDBMSRealm of weblogic to authenticate
>the user. What I
>want to know is does JBoss has a built-in servlet/jsp
>container or I should
>use either tomcat or jetty?
Yup.
-- Which one are you refering? does Jboss has its own servlet/jsp container?
> If I need to use jetty or tomcat, do they
>support j_security_check? If no, what's the alternative? I
>have my username,
>password and role stored in a database that is actually used
>by Weblogic
>RDBMSRealm.
Realms in Weblogic are a sort of feature that is difficult to find in open
source per se. Additionally, when you are working with alternate realms, as
you are (RDBMSRealm works with an RDBMS and is an alternative realm) - you
will perhaps have enabled realm caching (hosted by CachingReal etc etc etc).
Plus, this is really not portable. I guess you are constrained by time and
don't want to implement a custom authentication system. Jboss, uses a
security interceptor to do security checking, picking up info from the XML
descriptor. It is theoretically possible to implement a security plugin that
will pick up the ACLs from an RDBMS just like WebLogic does in the case of
RDBMSRealm.
-- If I want to implement my own security plugin or my own RDBMS realm,
where should I start? How do you specify the role of the authenticated user
to JBoss?
I don't think that exists yet. I guess the dev team could give you more
inputs on this...
>Last question, if jetty/tomcat do support j_security_check does
>the authentication information propagate to the EJB tier (is
>the username
>accessible in the ejb tier using the ejbcontext's
>getCallerPrincipal?) Where
>can I find the documents about these stuffs?
I guess this is possible with the deployment descriptors once everything is
bundled within an EAR. You know - beans in jar, servlet/JSPs in WARs and
then all into an EAR with a descriptor.
I think all classloader integration issues have been resolved (particularly
with respect to the JNDI implementation). Also check the docs on the
classloader integration (at least I believe there are docs!)
>Sorry.... I have too much questions coz I just started playing
>with JBoss
>yesterday and my boss is requiring me to finish it for a
>limited period of
>time.
>
Yeah I know all about that kind of stuff. Very annoying, really.
Sandeep
"I too seek the light, so long as it tastes great and is not too filling."
- Mostly Anonymous (circa
1997 A.D.)
