| Author |
Authentication in EJB ? isn't it passed from the front end ?
|
Cosmin Nicolae Vacaroiu
Ranch Hand
Joined: Feb 10, 2011
Posts: 52
|
|
Hello,
I'm studying for SCBCD JEE6 and I saw in the objectives something that I can't understand.
I know there's a login method with Servlets, but with EJB ?
Implementing Security
[ ] Understand the Java EE security architecture
[ ] Authenticate the caller Examine Java EE authorization strategies
[ ] Use declarative authorization
[ ] Use programmatic authorization Examine the responsibilities of the deployer
Thanks.
|
SCJP 6 (93%), SQL Expert 11g (95%), SCWCD 6 (84%), OCE-EJBD 6 (98%), OCE-JPAD 6 (93%)
|
 |
Ivan Krizsan
Bartender
Joined: Oct 04, 2006
Posts: 2194
|
|
Hi!
No, authentication information is not always passed from the front end to an EJB.
For example, think of the case when you expose a web service with an endpoint implementation class being an stateless session bean.
In such a case, the authentication information has to be passed to the web service in one way or another.
Best wishes!
|
My free books and tutorials: http://www.slideshare.net/krizsan
|
|
Cosmin Nicolae Vacaroiu
Ranch Hand
Joined: Feb 10, 2011
Posts: 52
|
|
|
I think you meant authentication, not authorization. How can you authenticate and give roles to the client in your example ?
|
|
Ivan Krizsan
Bartender
Joined: Oct 04, 2006
Posts: 2194
|
|
Hi!
Absolutely, I confused authorization with authentication. Thanks for pointing this out!
I have corrected the original post.
Best regards!
|
|
Cosmin Nicolae Vacaroiu
Ranch Hand
Joined: Feb 10, 2011
Posts: 52
|
|
The problem was with JBoss which didn't checked again for the security, it checked just in the serlvet part.
So I stopped testing on JBoss and installed Glassfish and works perfect.
Thanks.
|
|
 |
|
|
subject: Authentication in EJB ? isn't it passed from the front end ?
|
|
|
0
