Re: Tuscany client side authentication best practice?

Mon, 31 Mar 2008 16:21:07 -0700 

Hi,
If I understand your question correctly, you're looking for a way to keep some state data (authenticated subject) for SCA components. Please correct me if otherwise. 


The Java implementation type supports all of the scopes defined in the Java 
Common Annotations and API Specification: STATELESS, REQUEST, CONVERSATION, 
and COMPOSITE. Implementations specify their scope through the use of the 
@Scope annotation. For stateless components, you need to pass state data 
back and forth like the HTTP cookies. If the scope is COMPOSITE, there will 
be one instance for the whole composite. REQUEST for the same request and 
CONVERSATION for the same conversation. You can use these component 
instances to keep some state data in the given scope.



BTW, SCA uses intents and policySets to support declarative security. You 
can find more details at [1]. Are you interested in this perspective too?


Thanks,
Raymond


[1] 
http://www.osoa.org/download/attachments/35/SCA_Policy_Framework_V100.pdf?version=1.


--------------------------------------------------
From: "Sun Yang" <[EMAIL PROTECTED]>
Sent: Sunday, March 30, 2008 8:08 AM
To: <[email protected]>
Cc: <[EMAIL PROTECTED]>
Subject: Tuscany client side authentication best practice?


Hi,
I want to know whether Tuscany provide any best practices for client side
(c/s architecture) authentication. Could any one help?

In the EJB world, we could use a stateful session bean to achieve client
side authentication and keep the user authenticated in the same session.

Otherwise, we cannot cache the authentication result in the server side 
and

have to transfer the credential information in every call.

I am not sure whether there is some kind of best practise to achieve the
same goal as stateful session bean provides? Could I use a ejb client to

connect to the SCA domain with a service backed by a stateful session 
bean?


Thanks for your help.

Best Regards,
Yang Sun



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to