Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

declarative security

 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
most sample applications in ejb books are using declarative security, but I am wondering how it is happen in real project. Because in that case, Your users will be managed by the Application Server, all users have to be configured in the deploy descriptor, how are you going to add users programmically?
In petstore, it doesn't use any J2EE security feature(HTTP basic authentication, SSL authentication, or form-based login), instead, it uses EJB and SignOnFilter to handle this. Why doesn't it use declarative security to handle login, etc.?
anyone show some light on it? thanks!
 
Ranch Hand
Posts: 263
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes your suspicion is right.
You cannot use declarative security for users that are managed by you (your application).
So, you must be wondering when exactly is declarative security useful. I could think of one scenario :
Consider there is a group of applications (not users) that must call your EJBs etc. for some work. These apps could be assigned user ids, and passwds, which they can use while logging into your app. and calling your EJBs or whatever.
Since, number of these apps etc.. are pre-known this would work.
 
reply
    Bookmark Topic Watch Topic
  • New Topic