Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authenticating with EJB tier/JAAS - 2 different ways ?

 
Jacob Lyang
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
there seem to be 2 different ways of authenticating with JAAS and
making secure calls to EJBs:

Way A:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) make calls to ejbs with the Subject.doAs(subject, action) construct

Way B:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) just make calls to the ejb without using the construct. Example:
myEJB.methodA();

Way A is described on many sites.
Way B is published in the new Ed Roman book (3rd Edition)

Are both correct ?
I would be more confident knowing an example directly provided by Sun,
or having sources from Sun Microsystems for this.
Although I think Ed Roman knows what he is doing, it seems too easy
for me and I ask myself if something changed in EJB/JAAS between the
2nd and 3rd Edition of the book ?

Regards,

Jay
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic