Colin Sampaleanu wrote:
> Is JBoss completely usable under JDK 1.2.2, including security?
>
> I am a little bit confused (and looking at the mailing list archives and all
> the documentation has not helped). The (new) documentation mentions setting
> the bean containers properly for JDK 1.2x; that is pretty clear. W/regards
> to the security on the other hand, looking at 'JBossSX Security Extension
> Framework' and 'JAAS Based Security in JBoss' it would seem like the
> security support is mostly all JAAS (which is JDK 1.3 only) based. This is
> with the exception of plugging in some sort of custom security manager and
> realm mapping based on one of the samples in
> org.jboss.security.plugins.samples.
>
> Is this the case?
I believe so.
>
> As an aside, I do not understand how security context information is
> actaully being propogated through JNP when doing a 1.1 style lookup and
> usage of a bean. The client supplies the principal and credentials when
> getting the connection, but JNP simply supplies code for doing bindings and
> lookups, and relies on builtin RMI code for support services like transport;
> when and how is security context information sent over so that it can later
> be used/validated when calling bean methods?
JNP has no role in propagating security in JBoss. JBoss provides a
SecurityAssociation class that holds the principal and credential. An
instance of this is thread-mapped and is picked up by the Proxies to be
sent along to the server.
-danch
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
