SG wrote:

> ...
>
>  We also do not want to make
> every subject have two Principals in it just to simulate the mapping. And we
> don't want the mapping to live outside the Subject (as that violates JAAS).
> So how do we authenticate / authorize that user?
>
> Normally, I would say that we make them sign in with the username of "Fred",
> but the problem is then we must pass "Joe" to the bean!! (As the developer
> in EJB specs, has the right to hard-code Principal names into their code).
> How do we do this if all our security decisions are supposed to go through
> Subject? And it seems messy/un-secure to make them put in (or the server to
> put in) two Principals and only have to authenticate one.

Hi Robert,

What you need to solve your problem is to perform some principal mapping (as you
mention it). The EJB spec says that principal mapping may be achieved by the
underlying security infrastructure, and that it is beyond the scope of the EJB
specification, so there will not be "standard" solutions to achieve that in the
EJB server ... I do not know how principal mapping should be achieved when using
JAAS, but this should certainly be the solution ...

Regards,

François
--
==================================================================
François EXERTIER         Evidian (Groupe Bull)
     1, rue de Provence,  BP 208,  38432 Echirolles cedex, FRANCE
     mailto:[EMAIL PROTECTED]
     http://www.evidian.com/jonas   http://www.objectweb.org/jonas
     Tel: +33 (0)4 76 29 71 51  -  Fax:   +33 (0)4 76 29 77 30
==================================================================

