Folks,

I'm trying to sort out security issues for multiple clients to an EJB
application server.

I need to guarantee that servlets have unlimited access to certain
session beans, and a remote Swing application has access only to
others (depending, of course, on the identity of the user of that
Swing application).

Here's the rub: my application has thousands of users ... too many,
that is, to define in standard role/user mappings. These have to be
stored in a user table in a database.

WebLogic supports some kind of custom realm, where I can write my own
provider that uses entity beans (like a User bean) to implement my
own ACL.

I'm absolutely boggled that EJB doesn't support something like this.
... Am I missing something? Does JBoss support any kind of custom
realms like this, or is there a standard way? I can't find a single
example of how to do this.

One way would be to have a single gateway stateful session bean. I'd
get a reference to the stateful bean, call a login() method, which
would put it in the appropriate state. In this case, though, my
client has to have every method go through that gateway bean, which
seems a little bit monolithic.

What am I missing?

Thanks,
Ben Flaumenhaft