Authentication Design with EJB

a) I want several applications/services (Java + non-Java) to access the same user base. The service providing the user base should also provide authentication mechanisms. The EJB container should be able to access this structure. Ideally, a client calls the EJB, and is at the beginning associated with an "anonymous" user, until the client decides to authenticate. Is this possible? What kind of architecture would you recommend? What I definitely do NOT want is: use a web container for this, or servlet functionality. I do want to do authentication at EJB container level, or EJB level.

b) When the client decides to authenticate, how can I make the stateful session EJB aware of the client's new security identity? I guess it must be stored in a context variable to do that. Also, the EJB - I guess - will have to make calls for this (programmatic). What do those calls look like? How can I do that?

c) Imagine I want to create a new user at runtime, and associate the client with the security context of that new user. How is all of this best done?

My personal guess is: LDAP user base with authentication mechanism. EJB accesses that tree. EJB stores new sec identity in its own context variable, so it acquires the new sec identity (is this possible and allowed for an EJB?). But all other questions still remain open for me.


[ March 28, 2005: Message edited by: Jay Sam ]