Raffael Herzog <[EMAIL PROTECTED]> wrote:
> The problem is, I have no idea how to authenticate the users in my
> administration app. What I want to do is to display a login dialog
> (username/password) to authenticate the user and give him access to
> the setters. I suppose I need a Session Bean for this. But I don't
> know how to set the security context. I now included a call to
> entityContext.getCallerPrincipal() in a method of a bean and print the
> result out. But I don't get a "guest", as I expected, but a
> java.lang.IllegalStateException: no security context exists.
>
> Can anyone give me a starting point?

I think I got it! :-))) A stateless session bean which does the
authentication using whatever method you like. Afterwards, you can
set the principal:

import org.enhydra.security.avs.api.SecurityCurrent;
import org.enhydra.security.avs.api.SecurityContext;

// Set the authenticated user name as the principal of the current security context
SecurityContext ctx = new SecurityContext(username);
SecurityCurrent current = SecurityCurrent.getCurrent();
current.setSecurityContext(ctx);

But now, how do I transfer the password to the server? My first
thought was to establish an SSL connection over JEREMIE. Is this
possible? Or does anyone have a better idea?

> And another thing: My entity beans have a method update() which does
> a "batch-update" of the fields using a hashtable. I did this to be
> able to update many fields in one transaction using container
> managed transactions. If I call this method (which in turn calls the
> setters), I don't get any SecurityException as I expected. Is it
> true, that no security checking is done anymore when calling methods
> from within a bean (i.e. if the call to update() is OK, then the
> calls to set*() are OK, too)?

This question remains...

--
(o_ Raffael Herzog
//\ [EMAIL PROTECTED]
V_/_
May the penguin be with you!
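
On the open question about update(): the sketch below is an added example, not part of the original message and not JOnAS code. It uses java.lang.reflect.Proxy to simulate a container that enforces method permissions at the bean's interface; the Account interface, role names and policy map are constructed for illustration, and it assumes the check is applied only to calls that arrive through the interface.

```java
import java.lang.reflect.*;
import java.util.*;

public class SelfInvocationDemo {
    interface Account {                        // stands in for the bean's remote interface
        void setOwner(String owner);
        void update(Map<String, String> fields);
    }

    static class AccountBean implements Account {
        String owner = "nobody";
        public void setOwner(String owner) { this.owner = owner; }
        public void update(Map<String, String> fields) {
            // Plain Java call on "this": it never passes through the proxy below.
            if (fields.containsKey("owner")) setOwner(fields.get("owner"));
        }
    }

    // Constructed policy: method name -> role allowed to call it through the interface.
    static final Map<String, String> REQUIRED_ROLE = Map.of("setOwner", "admin", "update", "user");

    // Stands in for the container: checks the caller's role, then delegates to the bean.
    static Account deploy(AccountBean bean, String callerRole) {
        InvocationHandler guard = (proxy, method, args) -> {
            if (!REQUIRED_ROLE.get(method.getName()).equals(callerRole))
                throw new SecurityException(callerRole + " may not call " + method.getName());
            return method.invoke(bean, args);
        };
        return (Account) Proxy.newProxyInstance(
                Account.class.getClassLoader(), new Class<?>[] { Account.class }, guard);
    }

    public static void main(String[] args) {
        AccountBean bean = new AccountBean();
        Account asUser = deploy(bean, "user");
        try {
            asUser.setOwner("changed");            // checked at the interface: rejected
        } catch (SecurityException e) {
            System.out.println("direct setter: " + e.getMessage());
        }
        asUser.update(Map.of("owner", "changed")); // only update() itself is checked
        System.out.println("owner after update(): " + bean.owner);
    }
}
```

Under that assumption, a batch method needs permissions at least as strict as the most restricted setter it calls, or an explicit check inside the bean such as EJBContext.isCallerInRole().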