Shout Graphics -- Design wrote:
>
> Phillipe,
>
> thanks for the response. I actually know all that. But my question is:
>
> Given that I will have my SecurityService in jonas.properties, when does it
> actually get called:
> 1. During Initialization
When the EJBServer starts all declared services, it first init them, and then
start them.
When a bean is deployed (new container) SecurityService.deployBean() is called.
methodGuard and RoleGuard are initialized for that container, depending on
the bean deployment descriptor.
> 2. When a client starts accessing
At each request, the methodGuard is called to check permissions.
RoleGuard is used by isCallerInRole() method. (programmatic security check)
>
> What I need my security service to do is set the client's principle. As far
> as i can see, this needs to be done before they even try to call the
> "create" method on the BeanHome. So I want to allow a client to do the
> following:
>
> Properties props = new Properties();
> props.put(javax.naming.SECURITY_PRINCIPLE);
> props.put(javax.naming.SECUIRTY_CREDENTIALS);
> Context myCon = new InitialContext(props);
>
> Then when they call "lookup" on the BeanHome, I want to do authentication
> (NOT authorization) at that point. So my handler will create a new
> SecurityContext with that Principal and put it into the SecurityCurrent.
>
> So my question here is, when they call "lookup" on the bean:
> 1. What method( and class) in the JONAS Container is called?
none. the client accesses only the registry
> 2. Can I access the client's Context from that?
>
> After this, my question is:
> When they call a bean's method, how do I have it call my security handler
> instead of just going straight to JBeanHome which calls
> methodGaurd.checkGaurd? What if I want to do some other stuff as well? How
> do I get my handler in there?
Isn't it possible to provide your own guard ? Since guards are built by
the security service, it seems to me that you should do anything you want
at this level.
>
> Please, if you can, answer all of my questions (I know there are alot, but
> they are all necessary). I know that this whole newsgroup will benefit from
> such knowledge.
Sorry not answering before, most of us are on vacation these days...
>
> Thanks,
>
> Robert
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
--
Philippe Durieux ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bull - 1 rue de Provence - 38432 Echirolles Cedex France
[EMAIL PROTECTED]
-> Download our EJBServer at http://www.evidian.com/ejb <-
----
To unsubscribe, send email to [EMAIL PROTECTED] and
include in the body of the message "unsubscribe jonas-users".
For general help, send email to [EMAIL PROTECTED] and
include in the body of the message "help".
