Hi,
I am trying to learn how JBoss security and JAAS would work together within my
application which will be a Rich Client communicating with EJBs in JBoss
(EJB3). I am new to JavaEE so I apologise in advance if I use the wrong
terminology or don't explain the problem very well. (BTW: should I be posting
to the newbie forum?)
I understand that my rich client can use JAAS to log in to a JBoss application
server using a LoginModule. Once the user is authenticated then it is possible
to use security roles in the EJB code to ensure proper authorisation like this:
    if (ctx.isCallerInRole("admin")) {
        // access resource
    }

What I also need is similar code in the Rich Client. As a simple example I
want to enable an "Admin" menu if the user is in the admin role. I assume I
must use JAAS directly here - doAsPrivileged() maybe? Even if doAsPrivileged()
is the correct way to do it, due to the following article
(http://today.java.net/pub/a/today/2006/09/14/using-jaas-in-ee-and-soa.html) I
am concerned that there will be unmanageable inconsistencies.
Given my requirements and the concerns regarding JAAS and JavaEE integration
maybe a custom authorization mechanism would be better?
At the moment, I am very confused about how JAAS and JavaEE integrate together.
I would be able to answer some of these questions myself by prototyping my
scenario but my company isn't at that stage yet and I need to provide some
words on this! Any help would be appreciated.
Thank you,
Paul Drummond
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973223#3973223
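
An added example, not part of the original post and not JBoss code: one way a rich client could derive an "Admin" menu hint from the JAAS Subject it holds after login, while the EJB-side ctx.isCallerInRole("admin") check stays the enforcement point. RolePrincipal, hasRole and the sample subjects are hypothetical and constructed; how JBoss delivers role information to a client is an assumption and is not shown.

```java
import java.security.Principal;
import javax.security.auth.Subject;

public class ClientRoleHint {

    // Hypothetical role principal; the assumption is that a LoginModule's
    // commit() adds one of these per role to the Subject.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // UI hint only: decides whether a menu is shown, never whether a call is allowed.
    static boolean hasRole(Subject subject, String role) {
        if (subject == null) {
            return false; // not logged in: hide privileged UI
        }
        for (RolePrincipal p : subject.getPrincipals(RolePrincipal.class)) {
            if (p.getName().equals(role)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed samples standing in for LoginContext.getSubject() after login().
        Subject admin = new Subject();
        admin.getPrincipals().add(new RolePrincipal("admin"));
        Subject clerk = new Subject();
        clerk.getPrincipals().add(new RolePrincipal("clerk"));

        System.out.println("Admin menu for admin user: " + hasRole(admin, "admin"));
        System.out.println("Admin menu for clerk user: " + hasRole(clerk, "admin"));
        System.out.println("Admin menu before login:   " + hasRole(null, "admin"));
        // The EJB must still call ctx.isCallerInRole("admin") on every request:
        // a modified client can enable the menu regardless of this check.
    }
}
```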