permaculture playing cards
The moose likes EJB and other Java EE Technologies and the fly likes Switching Security Context with JAAS Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Switching Security Context with JAAS" Watch "Switching Security Context with JAAS" New topic

Switching Security Context with JAAS

Jay Sam

Joined: Feb 27, 2005
Posts: 27

this is my scenario:

1) client authenticates via JAAS
2) gets reference to stateful session EJB
3) calls some methods
4) at some point, client decides to re-authenticate, because he needs to call more privileged methods. So he authenticates as a more privileged user.
5) client calls methods on stateful session EJB with new, more privileged status

My questions:
a) will I be able to use the same EJB reference, although having switched security context by reauthenticating to JAAS ?
b) will state in the stateful session EJB still be bound to me, or will I have to transfer state to a new session EJB ?
c) do I - as authenticated user with JAAS, have to call every method on the EJB with the doAS(Subject, EJBHandle) syntax ?


subject: Switching Security Context with JAAS
It's not a secret anymore!