aspose file tools
The moose likes Security and the fly likes Authenticating with EJB tier/JAAS - 2 different ways ? Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "Authenticating with EJB tier/JAAS - 2 different ways ?" Watch "Authenticating with EJB tier/JAAS - 2 different ways ?" New topic
Author

Authenticating with EJB tier/JAAS - 2 different ways ?

Jacob Lyang
Greenhorn

Joined: Apr 07, 2005
Posts: 2
posted private message
0
Quote
there seem to be 2 different ways of authenticating with JAAS and
making secure calls to EJBs:

Way A:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) make calls to ejbs with the Subject.doAs(subject, action) construct

Way B:
1a) authenticate via JAAS logincontext.login()
2a) obtain a subject
3a) just make calls to the ejb without using the construct. Example:
myEJB.methodA();

Way A is described on many sites.
Way B is published in the new Ed Roman book (3rd Edition)

Are both correct ?
I would be more confident knowing an example directly provided by Sun,
or having sources from Sun Microsystems for this.
Although I think Ed Roman knows what he is doing, it seems too easy
for me and I ask myself if something changed in EJB/JAAS between the
2nd and 3rd Edition of the book ?

Regards,

Jay
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: Authenticating with EJB tier/JAAS - 2 different ways ?
 
Similar Threads
Ed roman EJB 2.0 book (2nd edition??)
ServiceLocator with JAAS ?
ServiceLocator with JAAS authentication ?
Authenticating with EJB tier/JAAS - 2 different ways ?
Question on Mastering EJB book