OK, I'm a little confused, so please everyone excuse my pestering.
I have a few questions about how to make my own security handler for JOnAS
to handle authorization and mapping of a client to my beans.
1. JOnAS Docs say that authorization should be handled by the client. This
is a bit confusing to me: who would ever allow a client to tell them whether
or not that client is allowed to access anything in their own server? Why
would my EJBServer allow clients to tell me they're authorized? Shouldn't my
server handle that?
2. Right now JOnAS does not do any security checking on clients, and is
using JonasSecurityServiceImpl. So if there is no checking going on, how do
I do it by supplying my own class? How / When will my security service be
called? And how does it get the principal / role / password, etc. from the
client? Does the client have to "log-in"?
3. Where do I have to put my SecurityService when it's compiled?
4. Where are the JOnAS classes located? In a jar? Which one? All I see is
RMI_Jonas.jar (and jeremie). Is that all the JOnAS classes?
5. Where do I map up the particular beans users / roles with those that my
server recognizes? And what are those that my server recognizes? Do I have
to map it to the OS users? And if so, how?
Thanks to everyone,
Robert