"roxburd" wrote :
| Surely, EJBs should be application components which may be shared between
| different applications - e.g. different WebApps. These different WebApps will
| probably use different security-domains...
|
| For example, my EJB is used both by an administrator via an admin Web App
| and regular users via a users Web App; each of these Web Apps is configured
| with its own security domain. As far as I can tell, since the target EJB has
| been configured ('hard-wired'?) to use a specific security domain, it then
| cannot support both Web Apps - and my system design falls apart.

From your example it is not clear why you need different security domains
for simple role-based access control. The J2EE security model supports your
example as the main use case. You fix the method-role association at deployment
time (inside the deployment descriptor) and have freedom in user-role associations
at run-time. The server-side security interceptor (and corresponding security
manager) will get the set of roles to which the method invocation is
permitted, and will get the set of roles for the particular user who is
making the call. If the intersection of these sets is not empty, the call is
allowed. Otherwise an exception will be thrown (SecurityException in the
default security interceptor). This scenario is straightforward and the most
often used.

I think that different security domains are aimed at covering other
requirements. In my opinion, it is better to think about them as something
like a Windows or UNIX security domain. When you are trying to get access to
another security domain, you should be authenticated separately, and your new
credentials will be kept in a new security cache, etc. (even if this process is
hidden, and you are not aware of it). Scott, am I right? It means that each
call from your web application should log in to the EJB container (in your case)
separately and explicitly. I think it is possible, but personally I have never
done this variant, and it requires additional investigation.

Best regards,
Alexander
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856235#3856235
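
The role-based setup described in the reply above, written out as an added example (not part of the original post and not taken from any JBoss sample). The bean, class, method, role and user names are hypothetical, and the run-time mapping in the closing comment assumes the shared security domain is backed by UsersRolesLoginModule with a roles.properties file.

```xml
<!-- ejb-jar.xml (EJB 2.x). Bean, class, method and role names are hypothetical. -->
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>OrderManager</ejb-name>
      <home>example.OrderManagerHome</home>
      <remote>example.OrderManager</remote>
      <ejb-class>example.OrderManagerBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>

  <assembly-descriptor>
    <!-- Roles known to the bean; fixed at deployment time. -->
    <security-role><role-name>Admin</role-name></security-role>
    <security-role><role-name>User</role-name></security-role>

    <!-- Used by both web apps: permitted role set = {Admin, User}. -->
    <method-permission>
      <role-name>Admin</role-name>
      <role-name>User</role-name>
      <method>
        <ejb-name>OrderManager</ejb-name>
        <method-name>listOrders</method-name>
      </method>
    </method-permission>

    <!-- Used only by the admin web app: permitted role set = {Admin}. -->
    <method-permission>
      <role-name>Admin</role-name>
      <method>
        <ejb-name>OrderManager</ejb-name>
        <method-name>purgeOrders</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
<!-- Run-time user-role association (assumed roles.properties, constructed users):
       alice=Admin,User
       bob=User
     alice: {Admin, User} intersects both permitted sets, so both calls pass.
     bob:   {User} intersects {Admin, User}, so listOrders passes;
            {User} and {Admin} do not intersect, so purgeOrders is rejected. -->
```

With this layout both web applications and the EJB jar would name the same domain in their security-domain elements (jboss-web.xml and jboss.xml), and the difference between administrators and regular users is carried entirely by roles.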