Security
----- Original Message -----
>From: Ivan Bolcina
>1.
>How to set up simple authentization for users, so that only users in some table in
>database are allowed to connect, >but guest is
disabled. I only want to protect InitialContext from unknown users. What happens if
jboss is using >JAAS and client is not? Is
client allowed to connect?
The InitialContext is not secured. If you need to do that create your own
InitialContextFactory
to wrap the JBoss InitialContext in whatever security you require.
If JAAS is configured on the server and EJBs have setup security-roles and method
permission requirements, clients have to pass valid security credentials to access the
EJBs.
>2.
>Plus additional question.
>Suppose :
>EJB1 ---> EJB2 --> EJB3 ---> DB
>EJB4 ---> EJB5 --> EJB6 ---> DB
>I would like to make avaliable to public only beans EJB1 and EJB4. How?
You have to secure EJB1 and EJB4 with a role that clients are capable of
authenticating as. You would have to secure EJB2, EJB3, EJB5 & EJB6 using
a role that clients are not capable of authenticating against, but that EJB1
and EJB4 are. EJB1 and EJB4 would then have to login as this protected
identity prior to accessing the next EJB.
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
