This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes JAAS and stateful session beans Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "JAAS and stateful session beans" Watch "JAAS and stateful session beans" New topic
Author

JAAS and stateful session beans

Jay Sam
Greenhorn

Joined: Feb 27, 2005
Posts: 27
Hi,

I am using JAAS to authenticate to the EJB tier.

I will then, from the client, call: Subject.doAs(subject, action);

Now imagine the following scenario:
1) client calls servicelocator and gets reference to stateful session ejb
2) client authenticates with security credentials through jaas, with user "anonymous"
3) client invokes methods on stateful session ejb using "Subject.doAs", some conversational state has been built up on behalf of the client in the stateful session ejb
4) client decides to authenticate as a new, more privileged user
5) client authenticates as new user, gets new subject this way
6) client continues to invoke methods on the OLD stateful session ejb with the NEW subject

Questions:
1) is all of this possible ?
2) is the way I use the service locator correct, or should I design this differently ?
3) is it possible to use the conversational state of the OLD stateful session EJB with the NEW subject ?
4) with this form of authentication, will I always have to invoke methods with doAs(subject, action) lines ?

Regards,

Jay
 
jQuery in Action, 2nd edition
 
subject: JAAS and stateful session beans
 
Similar Threads
Authenticating with EJB tier/JAAS - 2 different ways ?
Authenticating with EJB tier/JAAS - 2 different ways ?
Switching Security Context with JAAS
ServiceLocator with JAAS authentication ?
ServiceLocator with JAAS ?