[jboss-user] [Security & JAAS/JBoss] - Best practice question
hanland
do-not-reply at jboss.com
Tue Nov 7 11:38:19 EST 2006
I am developing a client server app using JBoss and ejb3. I have a client based on eclipse and they work very nicely together. I was using an existing login mechanisim but decided to start using the new ejb3 security annotations etc. instead.
My question here is what is the best pratice with ejb3. I have set up a custom JAAS login handler module with a LoginContext connecting to my backend database which is fine. The problem I see though is that the logged in principal etc is not propagated to subsequent ejb access once a successful login has occurred. When I use the JNDI InitialContext method the login works fine, the principal is also propagated via the initialContext lookups.
What is the best approach here? Should I be mixing JNDI and JAAS but how do I propagate the principle etc.
Comments !!!!!
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983831#3983831
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3983831
More information about the jboss-user
mailing list