-----Original Message-----
From: Rickard �berg [mailto:[EMAIL PROTECTED]]
Sent: 05 December 2000 13:23
To: jBoss
Subject: Re: [jBoss-User] Security
Hi!
"Kenworthy, Edward" wrote:
> >1) The username and password you specify when creating an InitialContext
> >have *nothing* to do with authentication or authorisation for EJB
> >access, only for JNDI access. I don't know if JNP has any security
> >features at all.
>
> Actually yes they do. This isn't part of the standard, true - hence my
> question wrt jBoss, but it works like that with all the other AppServers
> I've used.
RO> Which is Bad(tm). As Toby said, unlearn that practice ;-)
Eh? How can it be bad ? The spec is just a blank - it doesn't say how to do
it, it's app server specific. What's Bad(tm) is that it's not in the spec
:-)
> >What it comes down to is that you need to implemented your own security
> >mechanisms for anything more that what the example implementations
> >provide.
>
> Do I take this to mean jBoss doesn't provide any security and you have to
do
> it yourself (jBoss just providing the hooks) or have I misunderstood ?
RO>The thing is that this is pretty new functionality, and which hasn't
RO>been properly documented yet. AFAICT (and I haven't used it myself)
RO>there *is* security available if you want to use the default
RO>implementation, which (AFAICT) is similar to the database realm in WL.
Ah! I see, thankyou. (As it happens we're using LDAP with WL).
regards,
Rickard
--
Rickard �berg
Email: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
