This week's book giveaway is in the Performance forum.
We're giving away four copies of The Java Performance Companion and have Charlie Hunt, Monica Beckwith, Poonam Parhar, & Bengt Rutisson on-line!
See this thread for details.
Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JAAS and stateful session beans

 
Jay Sam
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using JAAS to authenticate to the EJB tier.

I will then, from the client, call: Subject.doAs(subject, action);

Now imagine the following scenario:
1) client calls servicelocator and gets reference to stateful session ejb
2) client authenticates with security credentials through jaas, with user "anonymous"
3) client invokes methods on stateful session ejb using "Subject.doAs", some conversational state has been built up on behalf of the client in the stateful session ejb
4) client decides to authenticate as a new, more privileged user
5) client authenticates as new user, gets new subject this way
6) client continues to invoke methods on the OLD stateful session ejb with the NEW subject

Questions:
1) is all of this possible ?
2) is the way I use the service locator correct, or should I design this differently ?
3) is it possible to use the conversational state of the OLD stateful session EJB with the NEW subject ?
4) with this form of authentication, will I always have to invoke methods with doAs(subject, action) lines ?

Regards,

Jay
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic