Scott, I do want to deal with JAAS on the client side (I want to use JAAS for authentication). But I also have a requirement for a multi-threaded and multi-user EJB client application and I am trying to understand how, within the same EJB client (same JVM) I can deal with multiple authentication across multiple threads. The multi-threaded capabilities of the ClientLoginModule is giving part of the answer, but not completely. I was actually hoping to have something "a la" Subject.doAs of JAAS which basically allows me, at any point in time and in any threads, to decide what is the subject used to execute a particular action. Subject.doAs is a little painful to deal with as all the business logic must be wrapped into PriviledgedAction, but something simpler where the Subject for the current thread can be set will be nice.
Actually, after going through some of the JAAS documentation and spec, I do not think that the intend was for LogingContext.login to set the identity (for the current thread or process). LoginContext.login is just to authenticate the user (and produce a resulting Subject) and then Subject.doAs is the call really setting the Subject for a specific action. I agree, in a J2EE client/server environment, the mapping is not that easy to do (and it is not like if the J2EE spec clearly stated how to do it....). Nonetheless, in a multi-tier environment, I can definitely see some needs for J2EE clients that must managed multi users and threads at the same time, in the same process. By the way, both WebSphere and WebLogic provide such mechanism (some kind of runAs mechanism). WebSphere does it very nicely, I think, since, without and explicit runAs (or setRunAs to set a subject as the "current" subject for the thread which is really making it easier), calls to the server are done as unauthenticated calls. This allows the application to be in full control of the security context (identity) used to invoke the server. Thomas View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3882688#3882688 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3882688 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
