Win a copy of Event Streams in Action this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Knute Snortum
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Piet Souris
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

ServiceLocator with JAAS ?

 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

does JAAS authentication on the client somehow knock off the need for a ServiceLocator pattern?

Scenario:
1) I request reference to a stateful session ejb via ServiceLocator
2) ServiceLocator authenticates with user "anonymous" and creates that ejb and returns the reference to it, as well as my "subject" object.
3) I make some calls using Subject.Doas
4) at some point, I decide to switch identity, therefore re-authenticating to the server
5) I do method calls on the same ejb as before

Doubts about ServiceLocator pattern integration with JAAS:
a) in this scenario, ServiceLocator looks up the bean for me. Have I got to provide any URL for logging in also ? I guess I must somehow decide - just as with EJBs - where to find the server to authenticate to, am I right ? If yes, will I need to write servicelocator functionality for looking up the "URL" of the service/server to authenticate to ?
If I need no URL for logging in, then this doubt is of no importance
b) in step 4, I decide to switch identity by re-authenticating to the server. Well - same problem: ServiceLocator gave me the proper EJB reference. So I guess it should also know - and _only_ ServiceLocator should know - where to re-authenticate to.


The most important doubt:
c) to call methods on EJBs in this way, I have to use the Subject.doAs(subject, action) construct. This means that I will have to define one action object for each method which can be called on the stateful sessoin EJB by the client. For creating my stateful session EJB, then, I could create a "create" action right away, without the ServiceLocator needing to be involved. That "create" action would hand me back the reference to the EJB, and I could authenticate prior to doing that. In fact, only the "create" action needs to access ServiceLocator functionality with this design. So - is it still useful for anything ?

How would you combine ServiceLocator pattern with JAAS, in the case of the above scenario ?

Thanks,

J
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!