Nice answer, Nathan!
Adam, he's right.
This is somewhat of a bug, actually. The sample9a in the JRun samples dir
shows how to do both types of authentication (uses simple BASIC or FORM
auth. for the Web part, but you get the idea). This is something that'll be
fixed in a future release, hopefully SP2. We call it "single sign-on."
Basically, the way it will work is that whether a user logs into the app
server via the Web container or the EJB server, once s/he's been
authenticated, that authentication context should be automatically
propagated to any other component that the user's request accesses in either
container. That is, any separation of Web container and EJB container
should (and will) be transparent to the user, and to the application
developer.
Scott Stirling
Allaire Corporation
http://www.allaire.com/developer/jrunreferencedesk/
> -----Original Message-----
> From: Bryant, Nathan [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, November 16, 2000 10:51 AM
> To: JRun-Talk
> Subject: Re: ejipt security
>
>
> hi,
>
> > Does anyone know the interface you must implement in order
> to use your own
> > custom Authentication and Authorization in the EJB environment?
>
> Start out by looking in the samples guide; there are several
> samples which use custom
> authentication. You will need to implement a user entity
> bean, a role entity bean, a login
> session bean. Each has a few specific method signatures that
> must be present, but not
> particular interface that has to be implemented. For the user
> and role entities, the idea is
> that the primary key is the principal name. But make sure you
> define a getName() method as
> well.
>
> > I would like to use the same source for EJB and Web-Content
> Authentication
> > and Authorization. For the Web-Content I found the interface
> > allaire.jrun.security.AuthenticationInterface, but I have yet to see
> > something similar for the EJB side of the house.
>
> You can't use the same source; you'll have to implement two
> different authentication
> managers. For my app I did entity beans which talk to a SQL
> database for usernames and
> passwords, and for the web-app side, an implementation of
> AuthenticationInterface which
> queries those beans.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
