1. Webapps are web clients, not application clients. Webapps should therefore use the security mechanisms provided by the J2EE specs, i.e. you define the realm and roles to use in the web.xml and jboss-web.xml. JAAS and the servlet container do the rest. The security context is automatically propagated with your EJB calls. That means in web clients there is no code necessary. It is pure configuration.
2. Yes. You can also define a dynamic login config, so you are able to deploy the config with your application. See http://wiki.jboss.org/wiki/Wiki.jsp?page=DynamicLoginConfig
3. This is the configuration for JAAS. RTFM at http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
4. Of course. We call this a "role". Access control is enforced on session beans. Not sure if you can enforce it on entity beans, too. Check the specs.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3907212#3907212
