Hello Jeff, Just to be clear, I never said an application should not have access to the list of users. In fact there is good reason to have such a function as you described. What I am saying is that no web application (i.e. servlet, jsp, etc...) should be able to directly access the container managed security implementation. In your case, your application should not be talking with the realm. The notion of a realm should not even be accessible to your application.
That said, your usecase is valid, so the question remains. How to allow an administrator access to user accounts. The answer is to provide this function as part of your application. To be more clear. Develop your application to access the store of user data. You mention that you do not want your application to be dependant on LDAP directly. So don't let it be. That's the beauty of OOD. Develop a layer between your web application and the actual LDAP code. Your web application get account info from this layer; which in turn talks to the your persistent store du jour. What should be obvious to anyone reading this, that what you need is to develop some EJB's that do this. That is what JBoss is for. Again, if you need more detail, let me know. happy ejb'in, cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3942859#3942859 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3942859 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
