I am trying to create a security handler, and had a few ideas I wanted to
bounce off everyone.
First off I was going to make my "authorizer" (the object to which you
auth.login(usrname, passwrd) for authentication) use an encryption
interface. This way, you can set up your own security implementation using
this, and my current one will simply have methods like encrypt(Object obj)
return obj as an Object without any change, but will allow you to change it
in your own implementation.
Second, I wanted to make it so a client can log in and then be authorized
from then on while using the same context. So I wanted a person to be able
to do something like this:

    InitialContext myContext = authObject.login(myusername, mypassword);

In other words, my login feature returns an initial context. So I have a few
questions about this:
1. Will this conflict with JOnAS and how it returns InitialContext? Can I
   return a valid JOnAS context from my security handler?
2. Can I wrap the authorization into InitialContext?
   a. I was thinking of doing this by using:
      addToEnvironment(String propName, Object propVal)
      1. This is a method of InitialContext (and then I'd standardize the
         name of course)
3. How would I then have all calls to the bean (done through the context of
   course) routed through my security handler so I could extract that
   environment object "propVal"?
   a. I was thinking of making my own object that would hold the encrypted
      values and encrypted as to whether they're authorized or not.
Anyone have any ideas / suggestions? Is this a dumb way of doing it? Does it
have potential? Does anyone out there want to help me on this?
Robert Paris