Ah ok, well that leaves me with a puzzle then. I log in as me,
EdwardKenworthy, and my beans have access set to allow the role of
EdwardKenworthy - but I get a security exception when I try. (If I remove
the security entries from the ejb-jar.xml then, as you would expect, I can
access them).

This is what led me to the conclusion that username != role. But you're
saying it does? (I am using username == password).

-----Original Message-----
From: Maddison, David [mailto:[EMAIL PROTECTED]]
Sent: 08 December 2000 09:51
To: jBoss
Subject: RE: Re[4]: [jBoss-User] Security



>>Ok, I think I understood that. But I'm still not sure where I actually set up
>>my users' roles. Or are you saying that for your simple JaasSecurityManager
>>you can't define roles?

You're right, by default jBoss uses the JAAS login module
SimpleServerLoginModule, which has a VERY simple algorithm:

1) If the password is NULL log the user in and set the role to guest

2) If the username is the same as the password, log the user in and set the
roles to guest and user

So the only roles that you can map method-permissions to are guest and user
IF you are using the default security.

Of course more authentication and realm mapping modules need to be written,
(Database, LDAP, NT DOMAIN), and thanks to the plug-in architecture of jBoss
+ JAAS, it's fairly easy to do.

>> In which case, err <scratches head> how can it work
By default it's not very flexible I admit, but the framework is there now ;)

    David Maddison
<< jBoss Evangelist >>




--
--------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Problems?:           [EMAIL PROTECTED]
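
A small Java model of the two rules described in the reply above, added here as an illustration and not taken from the jBoss SimpleServerLoginModule source. The class and method names are hypothetical, and treating any other username/password pair as having no roles is an assumption the thread does not state.

```java
import java.util.*;

// Added illustration: models the two rules described in the thread.
// It is NOT the source of jBoss's SimpleServerLoginModule.
public class DefaultLoginRolesDemo {

    /** Roles granted under the rules as described in the thread. */
    static Set<String> rolesFor(String username, String password) {
        if (password == null) {
            return new TreeSet<>(Arrays.asList("guest"));          // rule 1
        }
        if (password.equals(username)) {
            return new TreeSet<>(Arrays.asList("guest", "user"));  // rule 2
        }
        // Assumption: the thread does not say what happens otherwise,
        // so this model grants no roles at all.
        return Collections.emptySet();
    }

    /** Method-permission check: the caller needs one of the listed role-names. */
    static boolean permitted(Set<String> callerRoles, Set<String> rolesInDescriptor) {
        for (String role : rolesInDescriptor) {
            if (callerRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // The situation from the question: username == password.
        Set<String> caller = rolesFor("EdwardKenworthy", "EdwardKenworthy");
        System.out.println("roles granted: " + caller);

        // Descriptor lists the username as a role-name: the caller never holds it.
        System.out.println("role-name EdwardKenworthy -> "
                + permitted(caller, Collections.singleton("EdwardKenworthy")));

        // Descriptor lists a role the default module actually assigns.
        System.out.println("role-name user -> "
                + permitted(caller, Collections.singleton("user")));

        // Null password: only guest is granted, so a 'user' permission is not met.
        System.out.println("null password, role-name user -> "
                + permitted(rolesFor("anyone", null), Collections.singleton("user")));
    }
}
```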

