Hi,

I have just read an article on JavaWorld about J2EE/JAAS.

I understand that there will be apps that do care about the method-level security of 
enterprise beans, be it session or entity. With entity beans, probably, this is J2EE's 
answer to cope with database-level user permissions.

But most apps hardly need these method-level restrictions. All they are concerned about 
is the security at the WEB layer.

I just want my application to be secure in terms of USERs/ROLEs at the WEB layer, where I 
can specify that action A can be called by Role R and that's it. Which session bean 
they call, and further which entity bean gets called, I don't care. But I think that 
this way my enterprise beans can be called by anyone.

Now what I want is something like this: that every request to an enterprise bean carries 1 
ROLE defined by me in my WEB APP. All of my enterprise beans will be 
security-constrained by that 1 ROLE.

How can I go about it? Please comment if you find that my approach is wrong. Please 
suggest what I should do then.

Any help or pointers.
Navjot Singh


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3839977#3839977