Hi Rickard,
My understanding is that the Subject under which the code is
executing is not necessarily related to the Principal used by the
container for EJB security. IMHO, any assumptions about the
return from Subject.getSubject() would lead to unportable code.
The JAAS security model and the EJB security model seem to be
pretty different. The only current relevance of JAAS that I see is a
portable authentication mechanism, which is just an
"implementation detail."
-Dan
On 6 Nov 00, at 15:14, Rickard Oberg wrote:
> > KLM> From my brief reading of JAAS, it doesn't sound flexible in this regard.
> > KLM> That is, the protected asset for me is data, not code, whereas JAAS
> > KLM> protects code. Am I understanding this correctly?
> > Actually, in this case the EJB security model plays a role rather than JAAS.
> > I guess, in general JAAS Credentials may contain any security related
> > info, for example, they might hold information about data access
> > rights for the given Subject. But this idea cannot be used with an EJB
> > server, because unfortunately the Subject is not accessible from beans.
>
> It isn't? What about Subject.getSubject() then?
>
> /Rickard
>
> --
> --------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Problems?: [EMAIL PROTECTED]
>