Hi jBoss,
Keith L. Musser wrote:
KLM> That should work fine for me. For my application, "Roles" are not
KLM> sufficient. My beans must know the user by Principal; I will check
KLM> access control lists myself.
KLM> (In effect, my application creates new "Roles" (which I call "security
KLM> domains"), and allows access based on user. It's not based on class of
KLM> the entities (the EJB security model), but rather on identity (i.e.
KLM> which user "owns" this particular piece of data).)
Correct. In our project we have a similar situation, and we came to
the same conclusion. But I suppose that it is possible to use both EJB
roles (when appropriate) and our own security checks.
KLM> From my brief reading of JAAS, it doesn't sound flexible in this regard.
KLM> That is, the protected asset for me is data, not code, whereas JAAS
KLM> protects code. Am I understanding this correctly?
Actually, in this case the EJB security model plays a role rather than JAAS.
I guess, in general, JAAS Credentials may contain any security-related
info; for example, they might hold information about data access
rights for the given Subject. But this idea cannot be used with an EJB
server, because unfortunately the Subject is not accessible from beans.
Best regards,
Oleg
KLM> -----Original Message-----
KLM> From: Oleg Nitz <[EMAIL PROTECTED]>
KLM> To: jBoss <[EMAIL PROTECTED]>
KLM> Date: Monday, November 06, 2000 6:16 AM
KLM> Subject: Re: [jBoss-User] problem with ctx.getCallerPrincipal()
>>Hi jBoss,
>>
>>Keith L. Musser wrote:
>>KLM> For my application, my beans need to know who the end-user is.
>>KLM> When I call the "getCallerPrincipal()" method in the SessionContext or
>>KLM> EntityContext, I receive "null".
>>
>>KLM> Does jBoss propagate the caller principal per the EJB spec?
>>Yes.
>>
>>KLM> If so, how can my client set it initially?
>>The simplest way: call
>>org.jboss.system.SecurityAssociation.setPrincipal()
>>on the client.
>>
>>Another way: use JAAS, see
>>http://www.mail-archive.com/[email protected]/msg04170.html
>>
>>Sorry, the documentation on this topic is not ready yet.
>>
>>Best regards,
>> Oleg
>>
>>
>>
>>
>>--
>>--------------------------------------------------------------
>>To subscribe: [EMAIL PROTECTED]
>>To unsubscribe: [EMAIL PROTECTED]
>>Problems?: [EMAIL PROTECTED]
>>
>>
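
Added example, not part of the original thread and not jBoss code: a sketch of the identity-based check discussed above, where a bean looks the caller up in its own access control list instead of relying on EJB roles. The `OwnerAcl` class, the record id and the user names are hypothetical; in a bean, the `Principal` passed to `check()` would be the value returned by `ctx.getCallerPrincipal()`, and a `null` principal (the symptom reported in the thread) is treated as a denial.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical per-record ACL keyed by principal name (identity, not role). */
public class OwnerAcl {
    // recordId -> names of the principals allowed to access that record
    private final Map<String, Set<String>> acl = new ConcurrentHashMap<>();

    public void grant(String recordId, String principalName) {
        acl.computeIfAbsent(recordId, k -> ConcurrentHashMap.newKeySet())
           .add(principalName);
    }

    /** In a bean, pass ctx.getCallerPrincipal() as the caller. */
    public void check(Principal caller, String recordId) {
        // Fail closed: a null principal means no identity was propagated.
        if (caller == null || caller.getName() == null) {
            throw new SecurityException(
                "no caller principal; refusing access to " + recordId);
        }
        Set<String> allowed = acl.get(recordId);
        // An unknown record or a missing entry is a denial, never a default allow.
        if (allowed == null || !allowed.contains(caller.getName())) {
            throw new SecurityException(
                caller.getName() + " may not access " + recordId);
        }
    }

    private static boolean permitted(OwnerAcl a, Principal p, String id) {
        try {
            a.check(p, id);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        OwnerAcl acl = new OwnerAcl();
        acl.grant("invoice-17", "alice");      // constructed sample data
        Principal alice = () -> "alice";       // stands in for getCallerPrincipal()
        Principal bob = () -> "bob";
        System.out.println("alice: " + permitted(acl, alice, "invoice-17"));
        System.out.println("bob:   " + permitted(acl, bob, "invoice-17"));
        System.out.println("null:  " + permitted(acl, null, "invoice-17"));
    }
}
```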