Just a quick follow-up. A permission is required to call 
Subject.getSubject; in my opinion, the EJB container should not 
grant that to the executing user code by default (unportable and 
potentially insecure).

-Dan

On 6 Nov 00, at 15:14, Rickard Oberg wrote:

> > KLM> From my brief reading of JAAS, it doesn't sound flexible in this
> > KLM> regard.
> > KLM> That is, the protected asset for me is data, not code, whereas JAAS
> > KLM> protects code.  Am I understanding this correctly?
> > Actually in this case the EJB security model plays a role rather than JAAS.
> > I guess, in general JAAS Credentials may contain any security related
> > info, for example, they might hold information about data access
> > rights for the given Subject. But this idea cannot be used with an EJB
> > server, because unfortunately Subject is not accessible from beans.
> 
> It isn't? What about Subject.getSubject() then?
> 
> /Rickard
> 
> 
> 
> 
> 
> --
> --------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Problems?:           [EMAIL PROTECTED]
> 



