
How to associate web client with a security context?

 
Anonymous
Ranch Hand
Posts: 18944
I have a servlet that calls an EJB. The servlet uses custom authentication, i.e. it does not employ container-managed security (BASIC, FORM, or CLIENT-CERT). The EJB, however, does use container-managed security.
How can I associate my servlet with a security context such that calling the EJB does not raise a "not authorized" exception?
------------------
Miftah Khan
- Sun Certified Programmer for the Java™ 2 Platform
- Sun Certified Web Component Developer for the Java™ 2 Platform, Enterprise Edition
 
Anonymous
Ranch Hand
Posts: 18944
Please, someone.. I'd really appreciate help with this question.
In case my original question wasn't clear.. what I'm trying to do is call an EJB from a servlet. The EJB is configured to allow access only to users in role "manager". The servlet, however, doesn't utilize container managed security, and as a result, the user isn't associated with any role. How can I associate the user with a role without using web.xml-defined security for the servlet?
Thanks in advance,
-Miftah
[This message has been edited by Miftah Khan (edited October 29, 2001).]
 
Tim Holloway
Saloon Keeper
Posts: 18108
I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.
 
Anonymous
Ranch Hand
Posts: 18944
Originally posted by Tim Holloway:
I believe that assigning a role to a caller of an EJB is somewhat dependent on what server you're using.

I've been practicing with both Weblogic 6.1 (evaluation) as well as Sun's J2EE Reference Implementation (version 1.2.1). Any thoughts on either of these?
 
Subrahmanyam Allamaraju
Greenhorn
Posts: 20
This is a tricky question. If you're protecting your web resources, why are you trying to protect the EJBs? Trying to access protected EJBs from the unprotected servlets leaves room for misuse.
 
JiaPei Jen
Ranch Hand
Posts: 1309
I do not fully understand your question; however, I am attempting to answer your question:
Using WebLogic, the role-name is mapped to principals or groups based on the security-role-assignment element in weblogic.xml. Let us say you have a role-name FOO and you want to assign this role to users John and Mark. You need to make this entry in weblogic.xml:
<security-role-assignment>
  <role-name>FOO</role-name>
  <principal-name>John</principal-name>
  <principal-name>Mark</principal-name>
</security-role-assignment>

Hoping it was a useful piece of information.
 
JiaPei Jen
Ranch Hand
Posts: 1309
Sorry, the previous message looks incomplete --
You need to make this entry in weblogic.xml:
<security-role-assignment>
  <role-name>FOO</role-name>
  <principal-name>John</principal-name>
  <principal-name>Mark</principal-name>
</security-role-assignment>
This is the way mapping works.
 
JiaPei Jen
Ranch Hand
Posts: 1309
It seems that the elements that I typed in get erased!!! Let me try again.
In weblogic.xml:
<security-role-assignment>
  <role-name>FOO</role-name>
  <principal-name>John</principal-name>
  <principal-name>Mark</principal-name>
</security-role-assignment>
 
JiaPei Jen
Ranch Hand
Posts: 1309
OK, I do not know why it gave me this. I have to describe in words instead of typing the xml elements:
Within the security-role-name element, the role-name is FOO, and repeat the principal-name twice, one for John and another for Mark.
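
An added example, not part of the original posts and not WebLogic's own code: a small Python check that reads the security-role-assignment entries described above from a constructed weblogic.xml fragment and reports which required roles have no principal mapped. The function names are hypothetical, and the "manager" requirement is taken from the original question.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the weblogic.xml mapping described in the posts above.
WEBLOGIC_XML = """\
<weblogic-web-app>
  <security-role-assignment>
    <role-name>FOO</role-name>
    <principal-name>John</principal-name>
    <principal-name>Mark</principal-name>
  </security-role-assignment>
</weblogic-web-app>
"""


def role_assignments(descriptor_text):
    """Return {role-name: set of principal-names} found in a descriptor."""
    root = ET.fromstring(descriptor_text)
    mapping = {}
    for assignment in root.iter("security-role-assignment"):
        role = (assignment.findtext("role-name") or "").strip()
        if not role:
            continue  # malformed entry: nothing to map principals to
        for principal in assignment.findall("principal-name"):
            name = (principal.text or "").strip()
            if name:
                mapping.setdefault(role, set()).add(name)
    return mapping


def unmapped_roles(required_roles, mapping):
    """Roles a component requires that no principal is mapped to."""
    return sorted(r for r in required_roles if not mapping.get(r))


def principal_in_role(principal, role, mapping):
    """Exact-match lookup; role and principal names are compared case-sensitively."""
    return principal in mapping.get(role, set())


if __name__ == "__main__":
    m = role_assignments(WEBLOGIC_XML)
    # "manager" is the role the EJB in the original question requires.
    print("mapping:", m)
    print("required but unmapped:", unmapped_roles(["FOO", "manager"], m))
    print("John in FOO:", principal_in_role("John", "FOO", m))
```

A role that shows up as unmapped means no caller can satisfy it through this descriptor, whichever way the caller's identity was established.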
 