Hi Scott, Scott M Stark <[EMAIL PROTECTED]> writes:
> Filters are logically equivalent to the ejb interceptors on which > the security proxy is based. I'm hip to using a filter, but does it make sense to obtain, continuing the example below, the customer ID from the authenticated Subject, as some type of Credential maybe? What would be involved to make that happen -- would I have to write my own LoginModule? Thanks, Jim > On Friday, May 2, 2003, at 08:08 AM, Jim Crossley wrote: > >> Hi, I'm sure other people have solved this problem, but I can't find >> any applicable solutions in the forums/archives. >> >> The J2EE role-based authorization model doesn't seem to address the >> problem of say, preventing a user in the "customer" role from seeing >> customer data other than his own. >> >> I understand the SecurityProxy class was designed to help with this, >> but I'm looking for something I could use in a servlet instead of an >> EJB. >> >> Any suggestions are welcome! >> >> Jim ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
