At 01:27 PM 11/21/2000 -0800, you wrote:
>
>Folks,

<snip>

>I'm absolutely boggled that EJB doesn't support something like this. 
>.... Am I missing something? Does JBoss support any kind of custom 
>realms like this, or is there a standard way? I can't find a single 
>example of how to do this.

I'm not an expert in EJBs by any means, but I know a little about ACL products (my day 
job is involved with IBM's Tivoli SecureWay Policy Director). 

My understanding is that it's widely acknowledged that one of the shortcomings of the 
current EJB specs is that they do not standardize how clients are authenticated and 
authorized. Nor do they standardize the propagation of credentials. 

There is a spec called, appropriately enough, the Java Authentication and 
Authorization Service (JAAS). It's in "Early Access" mode right now, but if you have a 
(free) Java Developer Connection ID, you can access it at: 
http://developer.java.sun.com/developer/earlyAccess/jaas/index.html

Like other Java APIs, JAAS defines a generic programming interface that applications 
use and then a Service Provider Interface so that vendors can plug their own 
authentication and authorization technologies into it.

One gets the impression that the only reason JAAS is not in the EJB/J2EE foundation is 
that it just wasn't ready for prime time yet. But it's unclear to me how JAAS relates, 
if at all, to EJB's existing security mechanisms for controlling access to the EJB's 
business methods. 

For now, I'd check out JAAS and see if you can write some glue code to plug your user 
DB into the JAAS SPI. 
========================================================================
Calvin Powers                                             current events
mailto:[EMAIL PROTECTED]                           cultural phenomena
http://www.sff.net/people/powers                            true stories
"cannon fodder in the culture war"        http://www.StuckInTraffic.com/
========================================================================
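
The "glue code" suggested above, sketched as an added example (not part of the original message and not JBoss code), using the javax.security.auth API as it later shipped in the JDK. The UserDb interface, the UserPrincipal class, the configuration entry name and the PBKDF2 parameters are assumptions standing in for a real user database.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Login configuration entry (assumed name): MyApp { UserDbLoginModule required; };
public class UserDbLoginModule implements LoginModule {
    /** Hypothetical stand-in for the user DB: returns {salt, PBKDF2 hash} or null. */
    public interface UserDb { byte[][] saltAndHash(String user); }
    public static volatile UserDb userDb = user -> null; // wire in the real lookup here

    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    private Subject subject;
    private CallbackHandler handler;
    private Principal verified, committed;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass }); // the application supplies the handler
            byte[][] rec = userDb.saltAndHash(name.getName());
            if (rec == null) throw new FailedLoginException("login failed");
            // Iteration count and key length are assumed; they must match how the hash was stored.
            PBEKeySpec spec = new PBEKeySpec(pass.getPassword(), rec[0], 100_000, 256);
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            if (!MessageDigest.isEqual(got, rec[1])) throw new FailedLoginException("login failed");
        } catch (LoginException e) { throw e;
        } catch (Exception e) { throw new LoginException("user DB check failed: " + e);
        } finally { pass.clearPassword(); }
        verified = new UserPrincipal(name.getName()); // attached to the Subject only in commit()
        return true;
    }
    public boolean commit() { if (verified == null) return false; subject.getPrincipals().add(committed = verified); return true; }
    public boolean abort() { boolean had = verified != null; logout(); return had; }
    public boolean logout() { if (committed != null) subject.getPrincipals().remove(committed); verified = committed = null; return true; }
}
```

The module returns the same "login failed" message for an unknown user and a wrong password, and it adds the principal to the Subject only in commit(), after the overall login has succeeded.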

