----- Original Message -----
From: "Andreas Schaefer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 11, 2001 10:19 PM
Subject: Re: [JBoss-dev] JMX Adaptor/Connector repackaging and new
EJB-Adaptor and Connector


> Hi
>
> I don't do anything anymore w/o my layer (hi, hi).
>
> I think the URI mapping scheme is not working that well because
> only the domain name delivers something like a hierarchy; the others
> SHOULD only be properties allowing the client to find the appropriate
> MBean, which works similar to JINI.
>
The domain name along with the war context give two levels at which
you can declare security roles. That is plenty for me:

http://myserver/jmxadmin/domain?service=ContainerFactory&prop1=value1...

This allows me to require authorization for all content under /jmxadmin
and I can optionally assign different roles to the domain contexts.

> I have some problems understanding the security part, but I
> understand that it is easier to use the web security than the EJB
> security, right?
No, both EJB and web security are basically the same. With EJBs you
secure methods while for web content you secure uri patterns. In both
cases you say which roles are allowed access.

> IMO both should be in place because security should also work for
> the EJB-Connector leveraging the EJB-Adaptor.
>
The EJB security is core to JBoss and so the EJB-Connector can always be
enabled securely. The issue is how to provide a secure HTML based connector.
You can do like Sun did and provide your own mini html server and security
layer, or you leverage a web container and write a servlet. If you don't
think the uri naming convention can work well enough you could always write
the servlet as unsecure and have it delegate calls to the secured
EJB-Connector.

> Andy
>
> ----- Original Message -----
> From: "Scott M Stark" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, September 11, 2001 7:45 PM
> Subject: Re: [JBoss-dev] JMX Adaptor/Connector repackaging and new
> EJB-Adaptor and Connector
>
>
> > I would implement this as a servlet that utilized a uri mapping scheme
> > to intercept all MBean view requests. This way you could partition the
> > uri namespace of the admin war into domains and subdomains using the
> > structure of the ObjectName and assign security simply by using the
> > standard web security model. This would also make it simple to support
> > binding the request interface to specific interfaces and allow SSL
> > access by leveraging the servlet container. I would rather require a
> > servlet container to have secure access to the HTMLAdaptor as opposed
> > to rolling a custom security construct in the absence of the servlet
> > container.
> > >



_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
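
The two-level role scheme described in the reply above (one constraint for everything under /jmxadmin, a stricter one per domain context), sketched as a `web.xml` fragment. This is an added example, not part of the original thread or of JBoss itself; the role names, the realm name and the use of `DefaultDomain` as the MBean domain are assumptions.

```xml
<!-- Added example: security section of WEB-INF/web.xml for a war deployed
     at the /jmxadmin context. Role, realm and domain names are assumed. -->
<web-app>
  <!-- Level 1: every URI in the war requires one of the admin roles. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All JMX admin content</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No http-method elements, so the constraint covers every method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>JmxViewer</role-name>
      <role-name>JmxDomainAdmin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Let the servlet container enforce SSL. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Level 2: one MBean domain context gets a stricter role. Servlet 2.4+
       containers apply the constraints of the best-matching pattern, so
       this role alone governs requests under /jmxadmin/DefaultDomain. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>DefaultDomain MBeans</web-resource-name>
      <url-pattern>/DefaultDomain/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JmxDomainAdmin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JMX Admin</realm-name>
  </login-config>

  <security-role><role-name>JmxViewer</role-name></security-role>
  <security-role><role-name>JmxDomainAdmin</role-name></security-role>
</web-app>
```

The container matches `url-pattern` against the request path only, so the ObjectName properties carried in the query string (`service=...`) are not covered by these constraints. The servlet therefore has to take the domain from the path segment and never from a request parameter, or the per-domain role can be sidestepped.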
