File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes EJB and other Java EE Technologies and the fly likes Switching Security Context with JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Switching Security Context with JAAS" Watch "Switching Security Context with JAAS" New topic

Switching Security Context with JAAS

Jay Sam

Joined: Feb 27, 2005
Posts: 27

this is my scenario:

1) client authenticates via JAAS
2) gets reference to stateful session EJB
3) calls some methods
4) at some point, client decides to re-authenticate, because he needs to call more privileged methods. So he authenticates as a more privileged user.
5) client calls methods on stateful session EJB with new, more privileged status

My questions:
a) will I be able to use the same EJB reference, although having switched security context by reauthenticating to JAAS ?
b) will state in the stateful session EJB still be bound to me, or will I have to transfer state to a new session EJB ?
c) do I - as authenticated user with JAAS, have to call every method on the EJB with the doAS(Subject, EJBHandle) syntax ?


I agree. Here's the link:
subject: Switching Security Context with JAAS
It's not a secret anymore!