Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

JAAS and stateful session beans  RSS feed

 
Jay Sam
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am using JAAS to authenticate to the EJB tier.

I will then, from the client, call: Subject.doAs(subject, action);

Now imagine the following scenario:
1) client calls servicelocator and gets reference to stateful session ejb
2) client authenticates with security credentials through jaas, with user "anonymous"
3) client invokes methods on stateful session ejb using "Subject.doAs", some conversational state has been built up on behalf of the client in the stateful session ejb
4) client decides to authenticate as a new, more privileged user
5) client authenticates as new user, gets new subject this way
6) client continues to invoke methods on the OLD stateful session ejb with the NEW subject

Questions:
1) is all of this possible ?
2) is the way I use the service locator correct, or should I design this differently ?
3) is it possible to use the conversational state of the OLD stateful session EJB with the NEW subject ?
4) with this form of authentication, will I always have to invoke methods with doAs(subject, action) lines ?

Regards,

Jay
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!