Need security examples

 
Ranch Hand
Posts: 30
I've never used security in EJB. Chapter 11, "Security in EJB", from HFE is written very well concerning the DD, but as always there are no working examples at all. The most misty part is the deployer's job: "mapping actual humans to abstract roles". We understand that mapping happens outside of the EJB specification and is vendor-specific. But what's the point if I can't try this feature?
How does the mapping actually work when a username and password are supplied to an EJB application?
 
Ranch Hand
Posts: 327
The deployer needs to set up the roles that the DD contains as well as map users to roles. Also, the users need to have their passwords mapped to their user names.
Initially, someone needs to set up a security realm for the container. The realm is where the above information will be stored. One example is a database. Another could just be a container's proprietary file. Containers are generally compatible with multiple realm types. Someone must tell the container where to look to authenticate users before any security can be in place for EJBs, or web applications for that matter. The easiest way to do some security tests is to use the container's proprietary file (called a memory realm), and just enter in a couple different people in a couple different roles.
 
Todor Mollov
Ranch Hand
Posts: 30
Thank you,
but I don't understand how to set up such a security realm. Suppose we use a database and I insert a couple of username-password pairs there. Suppose I use a rich client to authenticate the user. The login window contains 2 text fields (username field and pass field) and two buttons (OK, CANCEL). How will the container know how to map Principals (abstract actor) and real users (the data in the DB)?
 
Ranch Hand
Posts: 275

Originally posted by Todor Mollov:
The login window contains 2 text fields (username field and pass field) and two buttons (OK, CANCEL). How will the container know how to map Principals (abstract actor) and real users (the data in the DB)?


Todor, Have you made any progress?
 
Greenhorn
Posts: 16
Hi. In such a case you have to use JAAS. Remember, EJB does not deal with the front end. So with the help of JAAS you have to authorise your user. Once this is done you can use this principal in the EJB context.
Please refer to the Sun website for JAAS documentation. Hope this helps.
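
As an added illustration for the question asked in this thread (not part of any post, and not any container's actual code), this simplified Java model shows the three lookups a container chains together: realm authentication, the deployer's user-to-role mapping, and the deployment descriptor's method permissions. The user names, roles and `PayrollBean` methods are constructed sample data, and denying methods with no permission entry is an assumption of this model.

```java
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Simplified model of the lookups discussed in the thread. All names and sample
// data are constructed; a real container performs these steps internally.
public class RoleMappingDemo {
    // One fixed salt keeps the demo short; a real realm stores a salt per user.
    static final byte[] SALT = "constructed-salt".getBytes();
    // 1. Security realm: user name -> password hash (a DB table or realm file).
    static final Map<String, byte[]> REALM = new HashMap<>();
    // 2. Vendor-specific deployer mapping: real user -> abstract DD roles.
    static final Map<String, Set<String>> USER_ROLES = new HashMap<>();
    // 3. Deployment descriptor method permissions: bean method -> allowed roles.
    static final Map<String, Set<String>> METHOD_PERMISSIONS = new HashMap<>();

    static byte[] hash(char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, SALT, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Authentication: returns the principal name, or null when the login fails.
    static String authenticate(String user, char[] password) throws Exception {
        byte[] stored = REALM.get(user);
        return stored != null && MessageDigest.isEqual(stored, hash(password)) ? user : null;
    }

    // Authorization: the check made before a bean method is invoked.
    // Assumption of this model: a method with no entry is denied.
    static boolean mayInvoke(String principal, String method) {
        if (principal == null) return false;
        Set<String> callerRoles = USER_ROLES.getOrDefault(principal, Collections.emptySet());
        Set<String> allowed = METHOD_PERMISSIONS.getOrDefault(method, Collections.emptySet());
        return !Collections.disjoint(callerRoles, allowed);
    }

    public static void main(String[] args) throws Exception {
        REALM.put("alice", hash("alice-pw".toCharArray()));
        REALM.put("bob", hash("bob-pw".toCharArray()));
        USER_ROLES.put("alice", Collections.singleton("Manager"));
        USER_ROLES.put("bob", Collections.singleton("Clerk"));
        METHOD_PERMISSIONS.put("PayrollBean.raiseSalary", Collections.singleton("Manager"));
        METHOD_PERMISSIONS.put("PayrollBean.viewSalary", new HashSet<>(Arrays.asList("Manager", "Clerk")));
        String alice = authenticate("alice", "alice-pw".toCharArray());
        String bob = authenticate("bob", "bob-pw".toCharArray());
        String failed = authenticate("bob", "wrong".toCharArray());
        System.out.println("alice raiseSalary: " + mayInvoke(alice, "PayrollBean.raiseSalary"));
        System.out.println("bob raiseSalary:   " + mayInvoke(bob, "PayrollBean.raiseSalary"));
        System.out.println("bob viewSalary:    " + mayInvoke(bob, "PayrollBean.viewSalary"));
        System.out.println("failed login:      " + mayInvoke(failed, "PayrollBean.viewSalary"));
    }
}
```

The bean code and the descriptor only ever name the roles; swapping the realm or the user-to-role map changes who gets in without touching either.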
 