Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

lazy authentication and accessing a protected EJB resource

 
jane parker
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is for my old part II assignment. I plan to use lazy authentication with only the protected pages requiring authentication using application level authentication. How do I access the protected EJBs that are being accessed from an unprotected page?For registration, I plan to use an EJB. At that point, the user is not authenticated.How do I call the EJB from an unprotected page?
 
Lann Lu
Ranch Hand
Posts: 45
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think you can do "lazy" authentication for EJB; "lazy" authentication only applies to presentation tier.

You have to explicitly set up user credential to make a EJB call from unprotected resource.

Peace,
Tao
 
J J Wright
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Surely the answer is have a stateless session bean as a facade. The stateless bean doesn't have any security constraints, so an unauthenticated client can call it. If the stateless facade needs to invoke other beans that do require the client to be authenticated and authorized then just use the run-as deployment descriptor element.
 
jane parker
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic