Hi,
I am trying to learn how JBoss security and JAAS would work together within my application
which will be a Rich Client communicating with EJBs in JBoss (EJB3). I am new to JavaEE
so I apologise in advance if I use the wrong terminology or don't explain the problem
very well. (BTW: should I be posting to the newbie forum?)
I understand that my rich client can use JAAS to login to a JBoss application server using
a LoginModule. Once the user is authenticated then it is possible to use security roles
in the EJB code to ensure proper authorisation like this:
| if(ctx.isCallerInRole("admin")) {
| //access resource
| }
|
What I also need is similar code in the Rich Client. As a simple example I want to enable
a "Admin" menu if the user is in the admin role. I assume I must use JAAS
directly here - doAsPriliveged() maybe? Even if doAsPrivileged() is the correct way to do
it, due to the following article
(
http://today.java.net/pub/a/today/2006/09/14/using-jaas-in-ee-and-soa.html) I am
concerned that there will be unmanageable inconsistencies.
Given my requirements and the concerns regarding JAAS and JavaEE integration maybe a
custom authorization mechanism would be better?
At the moment, I am very confused about how JAAS and JavaEE integrate together. I would
be able to answer some of these questions myself by prototyping my scenario but my company
isn't at that stage yet and I need to provide some words on this! Any help would be
appreciated.
Thank you,
Paul Drummond
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973223#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...