Originally posted by Manju Karthik:
Hi,
This link explains declarative security for web applications and also how the users can be mapped to one role "Weak authentication". Hope this helps for those who have questions regarding declarative sec for web apps.
http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html
-Manju.
Originally posted by neelArchitect saha:
My design swing directly connecting to EJB.How then authentication and authorization will be handled.As per my knowledge EJB can not do authentication
Originally posted by Manju Karthik:
Question on class diagram... Did you show attributes and operations in your class diagram. How abt composition/aggregation??
Originally posted by Manju Karthik:
Understand that declarative security is for protected resources, which is specified in deployment descriptor. The users and user-role mapping are done via the app server console.
But, what about the end users userid/password which are stored in application database. When a login screen is provided, the user enters his user id and pwd (which the user himself had chosen during the registration process). The details provided will be verified with the userid/password stored in application db right? How is this userid mapped to the role for declarative security???
Originally posted by neelArchitect saha:
what is the role of intereception filter,if i do authentication and authorization in front controller itself?
can i use both intereception filter,and front controller both.is it good design.