how to bring ejb security together with normal user account

 
Greenhorn
Posts: 5
Primarily, I don't understand the EJB security model.
I know I can configure every EJB method with security restrictions and I can create user roles and users. I think this works without any problems if I have only a handful of users. But how do I use the built-in security when 10000 web users can create their own accounts?
I can only create an EJB user account by hand and not in code. Is this right?!
OK, I think it would be nice if I had something like a single EJB account called "webuser"
and my own user system. And every user who has logged in with my system can use everything which my EJB "webuser" can do.
Can I do this? And if so, how?
 
John Breitner
Greenhorn
Posts: 5
It looks like I found the answer by myself ...

http://java.sun.com/blueprints/guidelines/designing_enterprise_applications_2e/security/security3.html
9.2.3.1 Self-Registration
Some Web-based applications must authenticate users whose identities cannot be known in advance of their first use of the application. In contrast to typical computer user authentication environments, where a user must wait for an administrator to set up the user's account, such applications require an automated means for users to register an authentication identity for themselves. To self-register, the user is required to provide his or her identity and may be required to provide a password to protect the account along with one or more additional forms of identification, agree to some contractual obligations, and/or provide credit card information for payment. Once the registration dialog is complete, the user may authenticate as necessary to access the protected resources of the site.
The self-registration mechanisms provided by J2EE platforms are platform-specific. Applications that depend on these mechanisms should do so in a fashion that allows them to evolve, employing standard facilities and APIs as they are added to the platform. In the absence of portable self-registration mechanisms, application developers should resist the temptation to move user authentication and authorization into the application.
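
The following `ejb-jar.xml` fragment is an added example, not part of the original thread or the quoted guideline. It shows that EJB method permissions are bound to roles rather than to individual accounts, so any number of self-registered users can share the single `webuser` role from the question. The bean name `AccountService` and its `register` method are hypothetical.

```xml
<!-- Added example: assembly-descriptor section of ejb-jar.xml (EJB 2.x style). -->
<!-- AccountService and register are hypothetical names used for illustration. -->
<assembly-descriptor>

  <!-- One logical role for every self-registered web user. -->
  <security-role>
    <description>Any user who has registered and authenticated</description>
    <role-name>webuser</role-name>
  </security-role>

  <!-- Registration must be callable before the caller has an identity, -->
  <!-- so the container performs no role check on this one method. -->
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>AccountService</ejb-name>
      <method-name>register</method-name>
    </method>
  </method-permission>

  <!-- Every other method requires the caller to be in the webuser role. -->
  <!-- The more specific method-name entry above takes precedence over "*". -->
  <method-permission>
    <role-name>webuser</role-name>
    <method>
      <ejb-name>AccountService</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>

</assembly-descriptor>
```

Which authenticated principals or groups belong to `webuser` is set in the container's own user store and role-mapping configuration, which is the platform-specific part the quoted guideline refers to.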