Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within EJB and other Jakarta /Java EE Technologies Search Coderanch
Advance search Google search
Register / Login
polymorphism book review grid granny advertise on coderanch thread boost
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
meaningless drivel thread boost advertise on coderanch book review grid building better world book
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
Bartenders:
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

Doubt regarding configuring Authentication System for JEE application (Web + EJB)

 
B Nirvan
Ranch Hand
Posts: 82
posted 11 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Hi,
I have an application with JSF as view and EJB for the model. I need to authenticate the users on both the web tier and EJB tier. Ideally I would authenticate the user on the web side and propagate the authenticated principal to the EJB tier. My doubt is whether I have to include the Security configuration on both web and EJB tier or is it enough to have it configured on the web tier(web.xml) and the container then propagates the authenticated principal to the EJB tier.

regards,
Nirvan.
 
Thiago Alves de Moraes
Greenhorn
Posts: 8
posted 11 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Hi Nirvan!
Once the user (web tier) has been authenticated via JAAS, the client can call ejbs securely. The authentication is propagated to the ejb upon method invocation.

You should supply different configurations for the web and EJB tiers.

In the web.xml you specify the the authentication method and security constraints for your pages.

In the EJB deployment descriptor (or annotations ) you specify the security roles allowed for method invocations.

They share the same authentication but the configuration is different.

--
thiago moraes

 
B Nirvan
Ranch Hand
Posts: 82
posted 11 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Thiago,
Thanks very much for the explanation. Doubt resolved.

regards,
Nirvan
 
Don't get me started about those stupid light bulbs.
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...