How to associate web client with a security context?

 
Ranch Hand
Posts: 18944
I have a servlet that calls an EJB. The servlet uses custom authentication, i.e. it does not employ container-managed security (BASIC, FORM, or CLIENT-CERT). The EJB, however, does use container-managed security.
How can I associate my servlet with a security context such that calling the EJB does not raise a "not authorized" exception?
------------------
Miftah Khan
- Sun Certified Programmer for the Java™ 2 Platform
- Sun Certified Web Component Developer for the Java™ 2 Platform, Enterprise Edition
 
Anonymous
Ranch Hand
Posts: 18944
Please, someone.. I'd really appreciate help with this question.
In case my original question wasn't clear.. what I'm trying to do is call an EJB from a servlet. The EJB is configured to allow access only to users in role "manager". The servlet, however, doesn't utilize container managed security, and as a result, the user isn't associated with any role. How can I associate the user with a role without using web.xml-defined security for the servlet?
Thanks in advance,
-Miftah
[This message has been edited by Miftah Khan (edited October 29, 2001).]
 
Saloon Keeper
Posts: 23742
I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.
 
Anonymous
Ranch Hand
Posts: 18944

Originally posted by Tim Holloway:
I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.


I've been practicing with both Weblogic 6.1 (evaluation) as well as Sun's J2EE Reference Implementation (version 1.2.1). Any thoughts on either of these?
 
Greenhorn
Posts: 20
This is a tricky question. If you're protecting your web resources, why are you trying to protect the EJBs? Trying to access protected EJBs from the unprotected servlets leaves room for misuse.
 
Ranch Hand
Posts: 1309
I do not fully understand your question; however, I am attempting to answer your question:
Using WebLogic, the role-name is mapped to principals or groups based on the security-role-assignment element in weblogic.xml. Let us say you have a role-name FOO and you want to assign this role to users John and Mark. You need to make this entry in weblogic.xml:
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>

Hoping it was a useful piece of information.
 
JiaPei Jen
Ranch Hand
Posts: 1309
Sorry, the previous message looks incomplete --
You need to make this entry in weblogic.xml-
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>
This is the way mapping works.
 
JiaPei Jen
Ranch Hand
Posts: 1309
It seems that the elements that I typed in get erased!!! Let me try again.
In weblogic.xml:
<security-role-assignment>
<role-name>FOO</role-name>
<principal-name>John</principal-name>
<principal-name>Mark</principal-name>
</security-role-assignment>
 
JiaPei Jen
Ranch Hand
Posts: 1309
OK, I do not know why it gave me this. I have to describe in words instead of typing the xml elements:
Within the security-role-name element, the role-name is FOO, and repeat the principal-name twice, one for John and another for Mark.
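An added example, not part of the thread and not WebLogic code: a Python check that cross-references the method-permission entries of an ejb-jar.xml with the security-role-assignment entries discussed above, to show which principals can reach a bean method and why a caller with no principal (the servlet's situation in the question) is refused. The descriptors are constructed samples; the bean name PayrollBean and the auditor role are hypothetical, and the model assumes namespace-free descriptors and ignores groups, unchecked methods and exclude lists.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors (not from the thread). PayrollBean and the
# "auditor" role are hypothetical; "manager", John and Mark reuse the posts' names.
EJB_JAR = """<ejb-jar><assembly-descriptor>
  <method-permission>
    <role-name>manager</role-name>
    <method><ejb-name>PayrollBean</ejb-name><method-name>*</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>auditor</role-name>
    <method><ejb-name>PayrollBean</ejb-name><method-name>getReport</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""
WEBLOGIC = """<weblogic-ejb-jar>
  <security-role-assignment>
    <role-name>manager</role-name>
    <principal-name>John</principal-name>
    <principal-name>Mark</principal-name>
  </security-role-assignment>
</weblogic-ejb-jar>"""

def role_assignments(weblogic_xml):
    """Map each role-name to the set of principal-names assigned to it."""
    return {a.findtext("role-name").strip():
            {p.text.strip() for p in a.findall("principal-name")}
            for a in ET.fromstring(weblogic_xml).iter("security-role-assignment")}

def permitted_roles(ejb_jar_xml, ejb, method):
    """Roles whose method-permission covers ejb.method ('*' matches any method)."""
    roles = set()
    for mp in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        for m in mp.findall("method"):
            if m.findtext("ejb-name") == ejb and m.findtext("method-name") in ("*", method):
                roles.update(r.text.strip() for r in mp.findall("role-name"))
    return roles

def may_call(principal, ejb, method):
    """True if principal holds a permitted role; principal=None models no security context."""
    mapping = role_assignments(WEBLOGIC)
    return any(principal in mapping.get(role, set())
               for role in permitted_roles(EJB_JAR, ejb, method))

def unmapped_roles():
    """Roles named in a method-permission that have no principal assigned."""
    used = {r.text.strip() for mp in ET.fromstring(EJB_JAR).iter("method-permission")
            for r in mp.findall("role-name")}
    return used - set(role_assignments(WEBLOGIC))
```
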