File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

declarative security

 
Larr Goneg
Greenhorn
Posts: 23
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
most sample applications in ejb books are using declarative security, but I am wondering how it is happen in real project. Because in that case, Your users will be managed by the Application Server, all users have to be configured in the deploy descriptor, how are you going to add users programmically?
In petstore, it doesn't use any J2EE security feature(HTTP basic authentication, SSL authentication, or form-based login), instead, it uses EJB and SignOnFilter to handle this. Why doesn't it use declarative security to handle login, etc.?
anyone show some light on it? thanks!
 
James Ward
Ranch Hand
Posts: 263
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes your suspicion is right.
You cannot use declarative security for users that are managed by you (your application).
So, you must be wondering when exactly is declarative security useful. I could think of one scenario :
Consider there is a group of applications (not users) that must call your EJBs etc. for some work. These apps could be assigned user ids, and passwds, which they can use while logging into your app. and calling your EJBs or whatever.
Since, number of these apps etc.. are pre-known this would work.
 
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic