Re: Re[2]: [jBoss-User] User Authentification

Wed, 16 Aug 2000 05:45:53 -0700 

Hi,

Secure access to resources is a different concern than what I'm 
working on, which is authentication and the access control 
described in the EJB specification.  I think the most common 
approach will be to use a common user-name/password for all EJB 
container accesses to a resource, and depend on the container's 
access control (and possibly programmatic access control from 
the user-in-role/ get principal stuff) for securing your data.

Other approaches are possible, but inconvenient right now.  (For 
instance, you can acquire a resource from the container with the 
res-auth deployment descriptor being of type "Application." The 
mapping between the principal and the logon would need to be 
done manually by the bean.)  I believe the connector specification 
describes a framework where the user principal can be used for 
resource access.

You may want to refer to the EJB specification for more detailed 
information about security for EJB components.

-Dan

On 16 Aug 00, at 12:29, Ingo Bruell wrote:

> 
> ----- Original Message -----
> From: "Dan OConnor" <[EMAIL PROTECTED]>
> To: "jBoss" <[EMAIL PROTECTED]>
> Sent: Tuesday, August 15, 2000 11:00 PM
> Subject: Re: Re[2]: [jBoss-User] User Authentification
> 
> 
> > In general, you should be able to design your J2EE application
> > without regard to the details of the security implementation.  If you
> > have specific concerns, just post them to this list and I'll be happy
> > to address them. :-)
> 
> In which list ?
> I have the idea, that the user identity is used to connect to the database
> if configured. But JAWS must be expanded so that the deployer or the
> application designer have control if the identity shpould be used or not, I
> think.
> 
> Ingo Bruell
> 
> ---
> OBL GmbH ([EMAIL PROTECTED])
> Hude (Oldenburg)
> Germany
> 
> 
> 
> --
> --------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Problems?:           [EMAIL PROTECTED]
> 




--
--------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Problems?:           [EMAIL PROTECTED]

Reply via email to