That should work fine for me.  For my application, "Roles" are not
sufficient.  My beans must know the user by Principal; I will check
access control lists myself.

(In effect, my application creates new "Roles" (which I call "security
domains"), and allows access based on user.  It's not based on class of
the entities (the EJB security model), but rather on identity (i.e.
which user "owns" this particular piece of data).)

From my brief reading of JAAS, it doesn't sound flexible in this regard.
That is, the protected asset for me is data, not code, whereas JAAS
protects code.  Am I understanding this correctly?

- Keith

-----Original Message-----
From: Oleg Nitz <[EMAIL PROTECTED]>
To: jBoss <[EMAIL PROTECTED]>
Date: Monday, November 06, 2000 6:16 AM
Subject: Re: [jBoss-User] problem with ctx.getCallerPrincipal()


>Hi jBoss,
>
>Keith L. Musser wrote:
>KLM> For my application, my beans need to know who the end-user is. When I
>KLM> call the "getCallerPrincipal()" method in the SessionContext or
>KLM> EntityContext, I receive "null".
>
>KLM> Does jBoss propagate the caller principal per the EJB spec?
>Yes.
>
>KLM> If so, how can my client set it initially?
>The simplest way: call
>org.jboss.system.SecurityAssociation.setPrincipal()
>on client.
>
>Other way: use JAAS, see
>http://www.mail-archive.com/[email protected]/msg04170.html
>
>Sorry, the documentation on this topic is not ready yet.
>
>Best regards,
> Oleg
>
>
>
>
>--
>--------------------------------------------------------------
>To subscribe:        [EMAIL PROTECTED]
>To unsubscribe:      [EMAIL PROTECTED]
>Problems?:           [EMAIL PROTECTED]
>
>
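
The identity-based check described in the reply above, sketched as an added example (not code from either poster or from jBoss). The class name, record ids and principals are hypothetical, and it assumes the principal handed to the bean has already been authenticated by the container; only `java.security.Principal` and standard collections are used.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-record ACL keyed on caller identity, not on EJB roles. */
public class SecurityDomainAcl {
    // record id -> names of principals allowed to touch that record (constructed model)
    private final Map<String, Set<String>> acl = new ConcurrentHashMap<>();

    public void grant(String recordId, Principal who) {
        acl.computeIfAbsent(recordId, k -> ConcurrentHashMap.newKeySet())
           .add(who.getName());
    }

    /** Fail closed: a null principal (the symptom in this thread) is never allowed. */
    public boolean isAllowed(String recordId, Principal caller) {
        if (caller == null || caller.getName() == null) {
            return false;
        }
        Set<String> allowed = acl.get(recordId);
        return allowed != null && allowed.contains(caller.getName());
    }

    /** Guard to call at the top of a business method before touching the data. */
    public void check(String recordId, Principal caller) {
        if (!isAllowed(recordId, caller)) {
            throw new SecurityException("access denied to record " + recordId);
        }
    }

    public static void main(String[] args) {
        Principal keith = () -> "keith";   // constructed sample principals
        Principal oleg = () -> "oleg";
        SecurityDomainAcl domains = new SecurityDomainAcl();
        domains.grant("invoice-42", keith);

        // In a bean, the caller argument would come from ctx.getCallerPrincipal().
        System.out.println("owner:          " + domains.isAllowed("invoice-42", keith));
        System.out.println("other user:     " + domains.isAllowed("invoice-42", oleg));
        System.out.println("null principal: " + domains.isAllowed("invoice-42", null));
        System.out.println("unknown record: " + domains.isAllowed("invoice-99", keith));
    }
}
```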
