Hi Scott
>> >I am working on a prototype that uses JAAS and a delegation model to
allow
>> for security
>> >that is a function of the the bean or arguments passed to a bean method.
It
>> could easily
>> >support the runAs user behavior your looking for. It will probably be at
>> least a week before
>> >I have even the preliminary prototype.
>>
>> The spec already allows this doesn't it ? Check isCallerRole() and
>> getCallerPrincipal().
>>
>This functionallity is not adequate in general. Checking the caller role or
principal does
>not allow for validation of a permission check that is a function of the
object being
>accessed. For example, a document repository can have a folder for
architectural
>blueprints that only users with the role Architect can write to. This
permission is
>attached to a specific path or object, not the bean class.
I could be wrong, but I don't think Keith was talking about EJBs accessing
external resources.
Edward
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
