• Post Reply Bookmark Topic Watch Topic
  • New Topic

Newbie's Question on EJB Security

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If I am using an application client (J2SE java classes) to access EJB in another machine, how should I do authentication in the J2SE classes so that the EJB can tell which role the user is logged into and carry out all those security checking defined in the <method-persmission> tags?
 
Ken Loh
Ranch Hand
Posts: 190
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you talking from JAAS point of view ?

Originally posted by Alec Lee:
If I am using an application client (J2SE java classes) to access EJB in another machine, how should I do authentication in the J2SE classes so that the EJB can tell which role the user is logged into and carry out all those security checking defined in the <method-persmission> tags?
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont know about JAAS and is just using ordinary java classes in J2SE to lookup a remote session bean through JNDI. So does it mean that if I want to propagate some security info to the remote session bean from my POJO, I must learn and use JAAS?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!