aspose file tools*
The moose likes EJB and other Java EE Technologies and the fly likes JAAS and stateful session beans Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "JAAS and stateful session beans" Watch "JAAS and stateful session beans" New topic
Author

JAAS and stateful session beans

Jay Sam
Greenhorn

Joined: Feb 27, 2005
Posts: 27
Hi,

I am using JAAS to authenticate to the EJB tier.

I will then, from the client, call: Subject.doAs(subject, action);

Now imagine the following scenario:
1) client calls servicelocator and gets reference to stateful session ejb
2) client authenticates with security credentials through jaas, with user "anonymous"
3) client invokes methods on stateful session ejb using "Subject.doAs", some conversational state has been built up on behalf of the client in the stateful session ejb
4) client decides to authenticate as a new, more privileged user
5) client authenticates as new user, gets new subject this way
6) client continues to invoke methods on the OLD stateful session ejb with the NEW subject

Questions:
1) is all of this possible ?
2) is the way I use the service locator correct, or should I design this differently ?
3) is it possible to use the conversational state of the OLD stateful session EJB with the NEW subject ?
4) with this form of authentication, will I always have to invoke methods with doAs(subject, action) lines ?

Regards,

Jay
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JAAS and stateful session beans