File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Authenticating with EJB tier/JAAS - 2 different ways ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Authenticating with EJB tier/JAAS - 2 different ways ?" Watch "Authenticating with EJB tier/JAAS - 2 different ways ?" New topic
Author

Authenticating with EJB tier/JAAS - 2 different ways ?

Jacob Lyang
Greenhorn

Joined: Apr 07, 2005
Posts: 2
there seem to be 2 different ways of authenticating with JAAS and
making secure calls to EJBs:

Way A:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) make calls to ejbs with the Subject.doAs(subject, action) construct

Way B:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) just make calls to the ejb without using the construct. Example:
myEJB.methodA();

Way A is described on many sites.
Way B is published in the new Ed Roman book (3rd Edition)

Are both correct ?
I would be more confident knowing an example directly provided by Sun,
or having sources from Sun Microsystems for this.
Although I think Ed Roman knows what he is doing, it seems too easy
for me and I ask myself if something changed in EJB/JAAS between the
2nd and 3rd Edition of the book ?

Regards,

Jay
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Authenticating with EJB tier/JAAS - 2 different ways ?
 
Similar Threads
Authenticating with EJB tier/JAAS - 2 different ways ?
Ed roman EJB 2.0 book (2nd edition??)
ServiceLocator with JAAS authentication ?
Question on Mastering EJB book
ServiceLocator with JAAS ?