Robert Paris

Ranch Hand
since Jul 28, 2002

Recent posts by Robert Paris

Yeah, but it's non-portable across containers. I'm really disappointed by the poor security API for web apps in Java.
19 years ago
I want to define my own login method (i.e. there's the built-in form-login which uses j_security_check for example). How would I do this? Is there a J2EE standard for this?

I originally was OK with using j_security_check because I thought I could put a filter on it (I need to hash the password passed in for comparison to the hashed password in the database), but that's not possible. Ideally I want to require a certificate and username and password (and I'll hash the password) but I can't do this with built-in J2EE security (WHY?! it wouldn't have been hard to make a generic interface that gave flexibility). Anyone know how I would do this?

I know how to get the user/pass, etc but I don't know how to associate it with the container - which is the big hang up here. I want to be able to tie it in. Argh!

Thanks!
19 years ago
I added a filter and tried two different URL mappings:
/*
and
/j_security_check

When I do the second one ("j_security_check") my filter is never called (even though a form posted to that URL) and if I do the first, it is called but I cannot get the password/username. I want to intercept the request BEFORE it gets to j_security_check. Is there a way to do this?
19 years ago
Is there a way for a bean (in a method) to know which interface was used? For example:


or something like that...

Originally posted by Adeel Ansari:
Where is the problem.
Tell the details

[ May 17, 2005: Message edited by: Adeel Ansari ]




That is NOT a good description of my post. There's nothing more to be descriptive about.

There is a method, isUserInRole(), which checks if a user has the role you pass to that method. I want a method that retrieves all the roles the user has/is a member of. I cannot find such a method. Is there one?
19 years ago
JSP
in the properties for your initial context you need to set the following:

java.naming.factory.initial
java.naming.factory.url.pkgs
java.naming.provider.url
(and for some vendors, they also require a few others including security settings like Principal)

for JBoss (as an example) the above would be:

[ May 12, 2005: Message edited by: Robert Paris ]
Is it possible to have global entries in the deployment descriptors? I want a property set that is available to all my beans. I know this is possible in the web app (i.e. available to all servlets); is it for EJBs too?
I know how to check that a user is in a role via: isUserInRole(), but how do I list all of the user's roles?
19 years ago
JSP

However the real question is whether synchronized block of code might be allowed or not with ejbs.




Sort of, the question is more: with JNDI, can an object obtained through jndi.lookup be protected by locks even if accessed from diff. JVMs?

Generally speaking, it is better to use the synchronizedCollection() method of the Collections class:



But that's what I did. The Java API JavaDocs say:


[ May 11, 2005: Message edited by: Robert Paris ]
I know the spec says you can't use the word synchronized, but is that just on EJB objects/methods? Can I have something like:



The list is not managed by the container, and it has no EJBs in it. Can I use synchronized on it while iterating through it and adding to it?
BCEL will do a few things:

1. Since you're dealing with byte code, it's much faster when the method runs (since it's just executing the calls you added)
2. Be a pain in the butt to work with. TRUST ME.

However, if runtime performance is MUCH more important than development ease/speed, go with BCEL.
19 years ago

Originally posted by Jeanne Boyarsky:
Robert,
Yes it is allowed. Whether it is a good idea or not depends on what you do in the static section.



Thanks!