use the source luke :)
marc
|-----Original Message-----
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of B. Flaumenhaft
|Sent: Tuesday, November 21, 2000 1:28 PM
|To: jBoss
|Subject: [jBoss-User] Custom realms for security?
|
|
|
|Folks,
|
|I'm trying to sort out security issues for multiple clients to an EJB
|application server.
|
|I need to guarantee that servlets have unlimited access to certain
|session beans, and a remote Swing application has access only to
|others (depending, of course, on the identity of the user of that
|Swing application).
|
|Here's the rub: my application has thousands of users ... too many,
|that is, to define in standard role/user mappings. These have to be
|stored in a user table in a database.
|
|WebLogic supports some kind of custom realm, where I can write my own
|provider that uses entity beans (like a User bean) to implement my
|own ACL.
|
|I'm absolutely boggled that EJB doesn't support something like this.
|... Am I missing something? Does JBoss support any kind of custom
|realms like this, or is there a standard way? I can't find a single
|example of how to do this.
|
|One way would be to have a single gateway stateful session bean. I'd
|get a reference to the stateful bean, call a login () method, which
|would put it in the appropriate state. In this case, though, my
|client has to have every method go through that gateway bean, which
|seems a little bit monolithic.
|
|What am I missing?
|
|Thanks,
|Ben Flaumenhaft
|
|
|--
|--------------------------------------------------------------
|To subscribe: [EMAIL PROTECTED]
|To unsubscribe: [EMAIL PROTECTED]
|Problems?: [EMAIL PROTECTED]
|
|
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
