Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

EJB authentication

 
rudresh kumar
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have few queries on EJB authentication

This scenario comes into play when we develop an application, may be a credit card authorization, where in the service provider, which has its own web layer, so there is no need to apply authentication. but in case of a third party using the services, needs to be authenticated.

We can wrap the services with LDAP/DB authentication, but that will un-necessary for the in house application.

a)Can we implement EJB security, such that it is dependent on requester web url context. Means if reqeust is from particular url context do not apply any authentication (so that we check for inhouse app url context and force authentication for other context).

b)If the above can be achieved, what if the third party app is not a web application, calling thro a IIOP, how can we force the authentication(LDAP/DB) for all IIOP calls.

Thanks
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34401
346
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can set things up so that if a request comes from the web layer it passes a "trusted" user/role to the EJB which always gets in. That way if the request does not come from the web layer, it forces authentication by the actual requestor.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic