Hi, we're trying to build a security model for our J2EE application. I've been reading that, once a client has been associated with a Principal object, any call to any method in the Remote Interface results in an implicit propagation of the Principal object to the EJB Server. A few questions:

1) Once a client is associated with a Principal, is it true that it's enough to call the getCallerPrincipal() method on the Context object in order to have the principal object?

2) If we declare security-roles in the deployment descriptor, will the container intercept each monitored call against the Principal object implicitly propagated with the caller?

3) One possible idea would be to use JAAS to associate a Principal with a client, and if the answer to 2 is 'yes', then it's a matter of implementing the right declaration in the deployment descriptor. Does this seem like a good approach, considering that we absolutely want to keep our security implementation 'container-independent'?

Thanks for any help,
Marco
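The setup these questions describe, as an added example that is not part of the original post or of JBoss: an EJB 2.x session bean with the standard ejb-jar.xml declarations shown in its header comment. AccountBean, its methods and the "manager" role are hypothetical names.

```java
// Added example (EJB 2.x style). AccountBean, its methods and the "manager"
// role are hypothetical names, not taken from the original post.
//
// Matching ejb-jar.xml excerpt (standard descriptor; other elements omitted):
//   <session>
//     <ejb-name>AccountBean</ejb-name>
//     <security-role-ref>            <!-- name used by isCallerInRole() -->
//       <role-name>manager</role-name>
//       <role-link>manager</role-link>
//     </security-role-ref>
//   </session>
//   <assembly-descriptor>
//     <security-role><role-name>manager</role-name></security-role>
//     <method-permission>            <!-- enforced by the container -->
//       <role-name>manager</role-name>
//       <method>
//         <ejb-name>AccountBean</ejb-name>
//         <method-name>closeAccount</method-name>
//       </method>
//     </method-permission>
//   </assembly-descriptor>
import java.security.Principal;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

public class AccountBean implements SessionBean {
    private SessionContext ctx;

    // The container supplies the context that carries the caller's identity.
    public void setSessionContext(SessionContext ctx) { this.ctx = ctx; }
    public void ejbCreate() {}
    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}

    // Declarative: the <method-permission> above is checked by the container
    // before this body runs; the Principal is read only for the audit string.
    public String closeAccount(String accountId) {
        Principal caller = ctx.getCallerPrincipal();
        return "account " + accountId + " closed by " + caller.getName();
    }

    // Programmatic: a role test for a decision the descriptor cannot express.
    public int dailyLimit() {
        return ctx.isCallerInRole("manager") ? 10000 : 500;
    }
}
```

How a JAAS login populates the caller Principal, and how principals are mapped to the "manager" role, is configured per container and is not covered by this descriptor.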
