Best Regards

SCJP1.4 SCJD1.4 SCEA
- Use the declarative possibility of your web container and verify that it is compatible with the EJB container product so that automatic principal propagation is possible.
- If the web container and EJB container are not compatible, you have to write your own realm class in the web container which propagates the principals. That is what I tried to explain in the posts above.
This is correct: if you would like to go for the full declarative approach, then you do not have to use an interception filter. Both containers will then do the authentication and authorization for you.
Originally posted by neelArchitect saha:
What is the role of the interception filter if I do authentication and authorization in the front controller itself?
Can I use both an interception filter and a front controller? Is it good design?
Originally posted by Manju Karthik:
Understand that declarative security is for protected resources, which are specified in the deployment descriptor. The users and user-role mapping are done via the app server console.
But what about the end users' userid/password, which are stored in the application database? When a login screen is provided, the user enters his user id and pwd (which the user himself had chosen during the registration process). The details provided will be verified with the userid/password stored in the application db, right? How is this userid mapped to the role for declarative security?
Originally posted by Manju Karthik:
Question on class diagram... Did you show attributes and operations in your class diagram? How about composition/aggregation?
Originally posted by neelArchitect saha:
My design has Swing connecting directly to EJB. How then will authentication and authorization be handled? As per my knowledge, EJB cannot do authentication.
Ask yourself how important it is to protect the EJB tier from the Swing tier, especially in this case. This of course depends on which network zone the travel agents are located in. Search the forum and you will find some answers.
By the way, some containers offer their own authentication or also authorization for J2EE clients, i.e. as mentioned above, WebLogic offers this by using JNDI. So if you would also like to go for a declarative way there, you have to propagate the user principals in the J2EE client, which is done programmatically there, i.e. code which I personally use in a WebLogic app:
code:
--------------------------------------------------------------------------------
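import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

// JNDI environment that carries the caller's identity to the server
Hashtable<String, String> hashtable = new Hashtable<String, String>();
hashtable.put(Context.SECURITY_PRINCIPAL, "105000");      // user id
hashtable.put(Context.SECURITY_AUTHENTICATION, "simple"); // user id / password authentication
hashtable.put(Context.SECURITY_CREDENTIALS, "105000");    // password
hashtable.put(Context.PROVIDER_URL, "t3://127.0.0.1:7001"); // same key as "java.naming.provider.url"
// Creating the context authenticates the principal; throws NamingException on failure
Context ctx = new InitialContext(hashtable);
--------------------------------------------------------------------------------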
Originally posted by Manju Karthik:
Hi,
This link explains declarative security for web applications and also how the users can be mapped to one role "Weak authentication". Hope this helps for those who have questions regarding declarative sec for web apps.
http://www.javaworld.com/javaworld/jw-03-2005/jw-0307-captcha.html
-Manju.
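As an added illustration of the declarative web-tier security discussed in this thread (not code from any poster or from the linked article): a Servlet 2.3 `web.xml` that protects a set of URLs for one role and lets the container handle the login form. The role name `travel-agent`, the URL pattern and the login page paths are assumptions; mapping the users stored in the application database to this role is done in the container's realm configuration, which is product-specific and not shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <!-- Protected resources: every request under /agent/* needs the role below -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Agent pages</web-resource-name>
      <!-- Hypothetical URL pattern; no http-method elements, so all methods are covered -->
      <url-pattern>/agent/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Hypothetical role name; must match a security-role declared below -->
      <role-name>travel-agent</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Require a confidential transport so the login form is not sent in clear text -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The container, not the front controller, performs authentication.
       The login page posts j_username and j_password to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Hypothetical page paths -->
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Logical role; the container's realm decides which users hold it -->
  <security-role>
    <role-name>travel-agent</role-name>
  </security-role>
</web-app>
```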
For sending email, can I use a message-driven bean?
Yes, you can. You can also use other J2EE things like a session bean. But be careful, the expected standard is EJB 1.1.
Which means if you go for declarative you do not have to include components regarding this. But other components which are related to a user activity you may have