JavaRanch » Java Forums » Certification » EJB Certification (SCBCD/OCPJBCD)

Need security examples

Todor Mollov
Ranch Hand

Joined: Jan 13, 2004
Posts: 30
I've never used security in EJB. Chapter 11 "Security in EJB" from HFE is written very well concerning the DD, but as always there are no working examples at all. The most misty part is the deployer's job: "mapping actual humans to abstract roles". We understand that mapping happens outside of the EJB specification and is vendor-specific. But what's the point if I can't try this feature?
How does mapping actually work when a username and password are supplied to an EJB application?
Anthony Watson
Ranch Hand

Joined: Sep 25, 2003
Posts: 327
The deployer needs to set up the roles that the DD contains as well as map users to roles. Also, the users need to have their passwords mapped to their user names.
Initially, someone needs to set up a security realm for the container. The realm is where the above information will be stored. One example is a database. Another could just be a container's proprietary file. Containers are generally compatible with multiple realm types. Someone must tell the container where to look to authenticate users before any security can be in place for EJBs, or for web applications for that matter. The easiest way to do some security tests is to use the container's proprietary file (called a memory realm) and just enter a couple of different people in a couple of different roles.


Anthony W.
MCP, SCJP 1.4, SCJD, SCWCD 1.3, SCWCD 1.4, SCBCD
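The following is an added example, not code from the thread or from any container vendor. It models in plain Java the three pieces Anthony describes: a memory realm (user, password, realm groups), the deployer's mapping of the abstract roles declared in the DD onto realm groups, and the container's method-permission check. All names (RoleMappingDemo, the users "alice" and "bob", the groups, the roles "Manager" and "Employee", the method names) are constructed for illustration; a real container keeps this data in its own proprietary realm file or database and stores password hashes rather than the plaintext used here for brevity.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Toy model of container-side security for an EJB application (constructed example).
public class RoleMappingDemo {

    // The "memory realm": user -> password and user -> realm groups.
    // A real realm would hold salted password hashes, not plaintext.
    static final Map<String, String> PASSWORDS = new HashMap<>();
    static final Map<String, Set<String>> GROUPS = new HashMap<>();

    // Deployer's work: abstract role (a <security-role> in ejb-jar.xml)
    // -> concrete realm group. This is the vendor-specific mapping step.
    static final Map<String, Set<String>> ROLE_TO_GROUPS = new HashMap<>();

    // Assembler's work: business method -> roles allowed to call it
    // (the <method-permission> elements of the DD).
    static final Map<String, Set<String>> METHOD_PERMISSIONS = new HashMap<>();

    static {
        PASSWORDS.put("alice", "alice-pw");                 // constructed sample users
        PASSWORDS.put("bob", "bob-pw");
        GROUPS.put("alice", Set.of("accounting-staff"));
        GROUPS.put("bob", Set.of("helpdesk"));

        ROLE_TO_GROUPS.put("Manager", Set.of("accounting-staff"));
        ROLE_TO_GROUPS.put("Employee", Set.of("accounting-staff", "helpdesk"));

        METHOD_PERMISSIONS.put("approveExpense", Set.of("Manager"));
        METHOD_PERMISSIONS.put("viewExpense", Set.of("Manager", "Employee"));
    }

    // Authentication: what the realm does with the username and password
    // typed into the login window. Returns the principal name, or null on failure.
    static String authenticate(String user, String password) {
        String stored = PASSWORDS.get(user);
        return stored != null && stored.equals(password) ? user : null;
    }

    // The container's isCallerInRole(): principal -> realm groups -> abstract role.
    static boolean isCallerInRole(String principal, String role) {
        if (principal == null) {
            return false;                                   // unauthenticated caller
        }
        Set<String> groups = GROUPS.getOrDefault(principal, Set.of());
        Set<String> needed = ROLE_TO_GROUPS.getOrDefault(role, Set.of());
        for (String g : groups) {
            if (needed.contains(g)) {
                return true;
            }
        }
        return false;
    }

    // Declarative authorization as the container applies it before dispatching
    // a business method: deny unless some allowed role contains the caller.
    static boolean mayInvoke(String principal, String method) {
        Set<String> roles = METHOD_PERMISSIONS.get(method);
        if (roles == null) {
            return false;                                   // nothing declared: deny
        }
        for (String r : roles) {
            if (isCallerInRole(principal, r)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String bob = authenticate("bob", "bob-pw");
        System.out.println("bob may viewExpense: " + mayInvoke(bob, "viewExpense"));
        System.out.println("bob may approveExpense: " + mayInvoke(bob, "approveExpense"));
        String alice = authenticate("alice", "alice-pw");
        System.out.println("alice may approveExpense: " + mayInvoke(alice, "approveExpense"));
        System.out.println("bad password yields principal: " + authenticate("bob", "wrong"));
    }
}
```

The point to take from the model is that the bean never sees "accounting-staff": it only ever asks about "Manager", and the deployer's table is the only place where the abstract role meets the real users in the realm.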
Todor Mollov
Ranch Hand

Joined: Jan 13, 2004
Posts: 30
Thank you,
but I don't understand how to set up such a security realm. Suppose we use a database and I insert there a couple of username-password pairs. Suppose I use a rich client to authenticate the user. The login window contains 2 text fields (username field and password field) and two buttons (OK, CANCEL). How will the container know how to map Principals (abstract actors) and real users (the data in the DB)?
Dale Seng
Ranch Hand

Joined: Mar 22, 2004
Posts: 275
Originally posted by Todor Mollov:
The login window contains 2 text fields (username field and password field) and two buttons (OK, CANCEL). How will the container know how to map Principals (abstract actors) and real users (the data in the DB)?

Todor, Have you made any progress?
Rajeev Gupta
Greenhorn

Joined: Nov 28, 2001
Posts: 16
Hi, in such a case you have to use JAAS. Remember EJB does not deal with the front end. So with the help of JAAS you have to authorize your user. Once this is done you can use this principal in the EJB context.
Please refer to the Sun website for JAAS documentation. Hope this helps.
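As an added example of the JAAS approach Rajeev points to (this is not code from the thread or from Sun's documentation), the program below implements the standard javax.security.auth.spi.LoginModule contract. The CallbackHandler stands in for the two text fields of the login window, the LoginModule checks the credentials and, on commit, attaches a Principal to the Subject that the application can then pass on to the EJB container. The class names (JaasDemo, MapLoginModule, UserPrincipal), the login configuration name "demo" and the user table are constructed assumptions; only the javax.security.auth types are the real API.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Constructed example of JAAS authentication feeding a Principal into a Subject.
public class JaasDemo {

    // Minimal LoginModule backed by a constructed in-memory user table.
    // A production module would query the realm (database, LDAP, ...) and compare hashes.
    public static class MapLoginModule implements LoginModule {
        private static final Map<String, String> USERS = Map.of("alice", "alice-pw");
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        private boolean ok;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }

        // Phase 1: collect the credentials through callbacks and verify them.
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] {nc, pc});
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e.getMessage());
            }
            char[] typed = pc.getPassword();
            String pw = typed == null ? "" : new String(typed);
            pc.clearPassword();                       // do not keep the secret around
            ok = pw.equals(USERS.get(nc.getName()));
            if (!ok) {
                throw new FailedLoginException("bad credentials");
            }
            user = nc.getName();
            return true;
        }

        // Phase 2: only now does the authenticated identity become a Principal.
        public boolean commit() {
            if (ok) {
                subject.getPrincipals().add(new UserPrincipal(user));
            }
            return ok;
        }

        public boolean abort() { user = null; ok = false; return true; }

        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // The Principal the EJB container will later map onto abstract roles.
    public static class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public String toString() { return name; }
    }

    // Programmatic Configuration so the example runs without a jaas.conf file.
    static Configuration config() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {new AppConfigurationEntry(
                        MapLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of())};
            }
        };
    }

    // Stands in for the login window: answers the two callbacks with what was typed.
    static CallbackHandler handler(String user, char[] password) {
        return callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) {
                    ((NameCallback) c).setName(user);
                } else if (c instanceof PasswordCallback) {
                    ((PasswordCallback) c).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(c);
                }
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        LoginContext good = new LoginContext("demo", new Subject(),
                handler("alice", "alice-pw".toCharArray()), config());
        good.login();
        System.out.println("authenticated principals: " + good.getSubject().getPrincipals());
        try {
            new LoginContext("demo", new Subject(),
                    handler("alice", "wrong".toCharArray()), config()).login();
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Note the two-phase shape: login() only verifies, commit() is where the Principal is added, so a failed login in a multi-module stack never leaves a half-populated Subject behind. The Subject that comes out is what a client passes to the container; turning its Principal into "Manager" or "Employee" is still the deployer's mapping discussed earlier in the thread.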