RE: [jBoss-User] JAAS security, login mechanism

Sun, 04 Feb 2001 08:08:29 -0800 

Hi Rickard,

That's indeed very simple. But it makes me
wonder if I could run into trouble when I
use this mechanism within a servlet. How
do I avoid that I have to login over and
over again? Because I think I do not have
any control over the thread my servlet is
running in. Or am I approaching this issue
from the wrong side?

Background: I want to set up a website
with authorization and use the mechanism
to have control over what my users are
allowed to do and what not.

Any suggestions, fingerpointings or hints are
much appreciated.

Regards,

   Cor.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rickard Öberg
Sent: Sunday, February 04, 2001 16:58
To: jBoss
Subject: Re: [jBoss-User] JAAS security, login mechanism


Hey

Cor Hofman wrote:
> When looking at the client code doing the login and
> creating the Session bean seem two completely disjoint
> operations. How does the server know that a login
> applies to a session bean I created? The articel suggests
> that the code to execute basically boils down to the following
> (all details are excluded, like setting up the handler as well
> as the try and catch mechanism):
>
> //
> //      Do the login
> //
> LoginContext lc            = new LoginContext("TestClient", handler);
> lc.login();
> //
> //      Create the bean
> //
> InitialContext jndiContext = new InitialContext();
> StatelessSessionHome home  = (StatelessSessionHome)
> jndiContext.lookup("StatelessSession");
> StatelessSession bean      = home.create();
>
> How does the StatelessSession bean called "bean" get
> associated with the login()?

The login information is associated with the current thread (or the
entire JVM; same principle though). When you call a bean this
information is used for authentication by the bean's stub object ("bean"
above).

It's that simple :-)

regards,
  Rickard

--
Rickard Öberg
Email: [EMAIL PROTECTED]



--
--------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
List Help?:          [EMAIL PROTECTED]




--
--------------------------------------------------------------
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
List Help?:          [EMAIL PROTECTED]

Reply via email to