Hi,

The EJB specification (note that this is not jBoss-specific) provides 
for three layers of security information.  The first is "logical" roles 
and the access permissions of EJB methods for those roles.  The 
third is the actual principals in the underlying security system.  The 
second is the mapping between the logical roles and the actual 
principals.

The logical roles and access control will be specified in the EJB 
1.1 (or 2.0) deployment descriptor.  The mapping will be stored in 
an application-server-specific manner.  As a bean deployer, you do 
not need to worry about how; you simply need to specify the 
mappings using your vendor-supplied tool.

An LDAP directory might be used for the third layer--the underlying 
security system.  For instance, you might store public and private 
keys for a particular user in the LDAP server. The client might 
provide the server with a digital signature (using the 
password-protected private key) that the server could verify using the client's 
public key from the LDAP server.  Exactly how this would occur is 
not in the spec.  In fact, the EJB specification does not require a 
compliant application server to support any particular underlying 
security system.

Right now, jBoss does not use any security.  I'm working to fix 
this.  I hope that when I'm done, you would be able to use--for 
instance--OpenLDAP to authenticate your clients if you would like.  
Unfortunately, I can't give you an idea of when this might be.

-Dan

On 26 Jun 00, at 21:55, pranab wrote:

> Hi,
>    If role-based access control for a Bean is stored in an LDAP directory,
> e.g. an OpenLDAP server, how does one go about getting that information in
> the JBoss JNDI namespace? In other
> words, where will the user's credentials be authenticated in the JBoss JNDI
> namespace?
> 
> Regards
> 
> PKD
> 
> 
> --
> --------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Problems?:           [EMAIL PROTECTED]
> 



