Good Day,
It is possible for rich clients to make use of JAAS on the client and on the server side
to perform authentication and authorization.
Client
-------
1. Use the JBoss client login module (org.jboss.security.ClientLoginModule) to collect
the user name and password and to associate them with the caller.
2. Perform a normal JAAS login.
3. Make a call to a server side EJB session bean to retrieve the roles that the current
user has.
4. Use the roles returned to enable menu items.
Server
--------
1. Configure a JAAS configuration for your J2EE application and assign the login modules
that will authenticate and authorize.
2. Program the security permissions required by the session bean methods either
programmatically or declaratively.
3. Provide a method on one of the session bean methods to get the caller principal from
the caller. Using this principal, retrieve the roles that the user has and return them to
the client.
CallerPrincipal
----------------
There are posts (made by me) on this forum concerning how to get the CallerPrincipal to
contain a principal object that can be used in the session bean for just this type of
scenario.
Acegi
------
Acegi is a framework that makes security easier in SpringFramework applications. If you
are using this framework then consider using the AuthorityGranter for the portion in the
client that retrieves roles from the server.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975315#...
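Added example, not part of the original post: a sketch of client steps 1 and 2, configuring org.jboss.security.ClientLoginModule in code and performing the JAAS login. It assumes the JBoss client libraries are on the classpath; the class name, the "client-login" entry name, and the user name and password are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class RichClientLogin {
    // Programmatic equivalent of a JAAS config file entry that names ClientLoginModule.
    static Configuration clientConfig() {
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "org.jboss.security.ClientLoginModule",
                LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // Supplies the user name and password when the login module asks for them.
    static CallbackHandler handler(final String user, final char[] password) {
        return new CallbackHandler() {
            @Override public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        char[] password = "constructed-password".toCharArray(); // constructed sample value
        LoginContext lc = new LoginContext("client-login", null,
                handler("constructed-user", password), clientConfig());
        lc.login(); // only associates the credentials with the caller; the server validates them
        try {
            // Steps 3 and 4: look up the session bean, fetch the caller's roles and enable
            // menu items. The returned roles drive the UI only; access control stays with
            // the permissions set on the session bean methods (server step 2).
        } finally {
            lc.logout();                 // remove the caller association
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
    }
}
```

A failed password check surfaces on the first secured EJB call rather than at `lc.login()`, so the client should treat a security exception from that call as the login failure.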