aspose file tools*
The moose likes Security and the fly likes Authentication Design with EJB Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Authentication Design with EJB" Watch "Authentication Design with EJB" New topic
Author

Authentication Design with EJB

Jay Sam
Greenhorn

Joined: Feb 27, 2005
Posts: 27
Hi,

a) I want several applications/services (java+non-java) to access the same user base. The service providing the user base also should provide authentication mechanisms. The ejb container should be able to access this structure. Ideally, a client calls the ejb, and is at the beginning associated with an "anonymous" user, until the client decides to authenticate. Is this possible ? What kind of architecture would you recommend ? What I definitely do NOT want is : use a web container for this, or servlet functionality. I do want to do authentication at EJB container level, or EJB level.

b) When the client decides to authenticate, how can I make the stateful session ejb be aware of the client´┐Żs new security identity ? I guess it must be stored in a context variable to do that. Also, the ejb - I guess - will have to make calls for this (programmatic). what do those calls look like ? How can I do that ?

c) Imagine I want to create a new user at runtime, and associate the client with the security context of that new user. How is all of this best done ?

My personal guess is: LDAP user base with authentication mechanism. EJB accesses that tree. EJB stores new sec identity in its own context variable, so it aquires the new sec identity (is this possible and allowed for an EJB ?). But all other questions still remain open for me.

Regards,

Jay
[ March 28, 2005: Message edited by: Jay Sam ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authentication Design with EJB