It's not a secret anymore!
The moose likes EJB and other Java EE Technologies and the fly likes EJB authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "EJB authentication" Watch "EJB authentication" New topic

EJB authentication

rudresh kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 83
Hi All,

I have few queries on EJB authentication

This scenario comes into play when we develop an application, may be a credit card authorization, where in the service provider, which has its own web layer, so there is no need to apply authentication. but in case of a third party using the services, needs to be authenticated.

We can wrap the services with LDAP/DB authentication, but that will un-necessary for the in house application.

a)Can we implement EJB security, such that it is dependent on requester web url context. Means if reqeust is from particular url context do not apply any authentication (so that we check for inhouse app url context and force authentication for other context).

b)If the above can be achieved, what if the third party app is not a web application, calling thro a IIOP, how can we force the authentication(LDAP/DB) for all IIOP calls.

Jeanne Boyarsky
author & internet detective

Joined: May 26, 2003
Posts: 33132

You can set things up so that if a request comes from the web layer it passes a "trusted" user/role to the EJB which always gets in. That way if the request does not come from the web layer, it forces authentication by the actual requestor.

[OCA 8 book] [Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
I agree. Here's the link:
subject: EJB authentication
It's not a secret anymore!