File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes declarative security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "declarative security" Watch "declarative security" New topic

declarative security

Larr Goneg

Joined: Jul 02, 2003
Posts: 23
most sample applications in ejb books are using declarative security, but I am wondering how it is happen in real project. Because in that case, Your users will be managed by the Application Server, all users have to be configured in the deploy descriptor, how are you going to add users programmically?
In petstore, it doesn't use any J2EE security feature(HTTP basic authentication, SSL authentication, or form-based login), instead, it uses EJB and SignOnFilter to handle this. Why doesn't it use declarative security to handle login, etc.?
anyone show some light on it? thanks!
James Ward
Ranch Hand

Joined: Apr 27, 2003
Posts: 263
Yes your suspicion is right.
You cannot use declarative security for users that are managed by you (your application).
So, you must be wondering when exactly is declarative security useful. I could think of one scenario :
Consider there is a group of applications (not users) that must call your EJBs etc. for some work. These apps could be assigned user ids, and passwds, which they can use while logging into your app. and calling your EJBs or whatever.
Since, number of these apps etc.. are pre-known this would work.
I agree. Here's the link:
subject: declarative security
It's not a secret anymore!