Shout Graphics -- Design wrote:
> 
> Phillipe,
> 
> Thank you very much for the answers, it clears up most of my questions.
> Sorry for bothering you guys on vacation!
> 
> There are just two questions that were not quite answered (I think I wasn't
> too clear, sorry).
> 
> 1. When the methodGuard.checkGuard() is called (or at any time), can I
> access the client's Context? I mean since I'm in the context of the
> ejbserver, is the client's context Hashtable available?
> 
When you call checkGuard, you have access to the security context. Just
look at the standard version of this method:
You don't have access to client initial context (what context are you talking
about?)

    public void checkGuard(Object methodSignature) throws SecurityException {
        Trace.outln(trace, "MethodGuard.checkGuard()");
        boolean isAuthorized = false;
        String[] roles = (String[])methods.get(methodSignature);

        //if no roles, everyone can access the method
        if (roles.length == 0) {
            Trace.outln(trace, "access to method not protected");
            return;
        }

        // verify if principal has at least one of the roles
        SecurityCurrent current = SecurityCurrent.getCurrent();
        SecurityContext ctx = current.getSecurityContext();
        if (ctx == null) {
            Trace.outln(trace, "no security context exists");
            throw new SecurityException("no security context exists");
        }
        Principal principal = ctx.getCallerPrincipal();
        RoleMechanism roleMechanism =  RoleMechanism.getInstance();
        isAuthorized = roleMechanism.isCallerInRoles(principal, roles);
        if (!isAuthorized) {
            Trace.outln(trace, "not authorized to access Method");
            throw new SecurityException("caller not authorized to access the method");
        }
        Trace.outln(trace, "authorized to access Method");
        return;
    }

> 2. Is the first time that any contact from the client hits JOnAS, when they
> call "create()" on the Home stub (the remote reference from "lookup()")?
> What is the first time that they hit JOnAS? And what is called?
Not necessarily create. The client can access Jonas with a finder method, or
even directly on a bean if he got the reference from a handle or from another
client or another bean. When a client enters Jonas, the code that is always called
is "preinvoke()". Look at a generated class. The code is more or less like this:

        RequestCtx rctx = preinvoke(0, methodSignature);
        try {
            // method call ...
        } finally {
            postinvoke(rctx);
        }

> 
> Also, how does it call the Jonas<MyBean>Home instead of <MyBean>Home?
<MyBean>Home is only an interface, it's not an implementation.
Jonas<MyBean>Home is the actual remote object that is registered in registry.
> 
> Thank you for all your help and patience. When I get this all figured out
> and built, I will post all of my findings.
> 
> Robert

-- 
Philippe Durieux  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bull - 1 rue de Provence - 38432 Echirolles Cedex France
[EMAIL PROTECTED]
-> Download our EJBServer at http://www.evidian.com/ejb <-
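
Added example, not part of the original message and not JOnAS's own code: a self-contained Java model of the wrapper shape described above, showing that a role check placed in preinvoke() covers every entry path (create, finder, direct bean call) and that an unknown method or a missing security context is denied. All names here (GuardedCallDemo, invoke, CALLER_ROLES, the roles and method signatures) are hypothetical, and the thread-local stands in for the server's security context.

```java
import java.util.*;
import java.util.function.Supplier;

public class GuardedCallDemo {
    // Constructed sample data: required roles per method signature (empty = unprotected).
    static final Map<String, String[]> METHODS = Map.of(
        "create()", new String[] {"admin"},
        "findByPrimaryKey(String)", new String[] {"admin", "reader"},
        "getName()", new String[0]);

    // Hypothetical stand-in for the server-side security context of the current call.
    static final ThreadLocal<Set<String>> CALLER_ROLES = new ThreadLocal<>();
    static final List<String> audit = new ArrayList<>();

    static void checkGuard(String sig) {
        String[] required = METHODS.get(sig);
        if (required == null) throw new SecurityException("unknown method " + sig); // fail closed
        if (required.length == 0) return;               // access to method not protected
        Set<String> held = CALLER_ROLES.get();
        if (held == null) throw new SecurityException("no security context exists");
        for (String role : required) if (held.contains(role)) return;
        throw new SecurityException("caller not authorized to access " + sig);
    }

    static String preinvoke(String sig) {
        checkGuard(sig);                                // a denied call never reaches the bean
        audit.add("pre " + sig);
        return sig;
    }

    static void postinvoke(String rctx) { audit.add("post " + rctx); }

    // Shape of a generated wrapper: guard first, bean code next, postinvoke always.
    static String invoke(String sig, Supplier<String> body) {
        String rctx = preinvoke(sig);
        try { return body.get(); } finally { postinvoke(rctx); }
    }

    public static void main(String[] args) {
        CALLER_ROLES.set(Set.of("reader"));
        System.out.println(invoke("findByPrimaryKey(String)", () -> "bean#42")); // finder path
        System.out.println(invoke("getName()", () -> "unprotected ok"));         // direct call
        try { invoke("create()", () -> "created"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        CALLER_ROLES.remove();                          // caller with no security context
        try { invoke("findByPrimaryKey(String)", () -> "bean#42"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        System.out.println(audit);                      // only the two allowed calls appear
    }
}
```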