Shiv Kumar wrote:
>
> Hi all
>
> Currently I am involved in developing a B2B solution. There are a few questions
> for which I would like to have answers. Maybe you can give me pointers to start
> looking for more details.
>
>   1. Does EJB/J2EE spec provide a mechanism to dynamically create/delete/modify
>      Groups and Users? I have been reading about access control lists etc but
>      they sound more to me as if the users are defined at compile time. So,
>      obviously I can not say method foo() of bean BarBean can be accessed by
>      users Tom and Harry at deployment time, because these users do not exist
>      when the system is in its initial state.

The obvious question is where/how you store that information. If you are
using LDAP, you will find that an entity bean mapping to LDAP can allow
you to add/remove users, there are common guidelines for defining how
these records look (I recommend inetOrgPerson), and LDAP-based
authenticating servers will support that.

If you are using database storage, simply use CMP entity beans to map to
the proper tables. If you are relying on database roles, it becomes
database specific.

Is it possible to define a common spec across all these mechanisms?
Probably. But we still don't have common specs for authentication, so
expect a few months to pass before something shows up.


>   2. What is the support for Roles in the spec? In my system, a set of Users
>      belong to a single Group, A set of Groups or Users belong to one or more
>      Roles. Roles have permissions associated with it. Users or Groups belonging
>      to a particular Role have all permissions defined for that Role. How do I
>      model this using EJBs? Do I have to write my own Security Subsystem or can
>      I rely on JAAS?

I think in your case the permission would be the role, the role would be
a collection of roles, and the group would be an association between user
and collection of roles. (And I know it doesn't sound sensible)


>   4. Is it best to use JSP/HTML or XML/XSL at the presentation layer? IMO both
>      follow the model view architecture, where the developer is responsible
>      for the data to be displayed (model) and the web designer is responsible
>      for figuring out how to display it (view). We have been doing JSPs so far,
>      but we have not been able to persuade the web designer (an external
>      company) to write the JSP files for us - because they don't know Java. So,
>      finally we end up doing everything. Is the situation any better in XML/XSL
>      world?

Slightly. With XML/XSL your server will produce the data using Java code
(which you know best), and the XSL stage will transform that data into
presentation, without mixing it with Java code.

But, the designers have to know XSL, which is a bit less trivial than
HTML.

Anyway, ping me in a private e-mail if you want to see some code samples
on that.


>   5. We are maintaining User related information in Netscape Directory Server
>      and the rest in a database. Most of the time, an update operation results in
>      updating both the directory server and database. What is the best way to
>      make sure that all updates happen in a single transaction? Can I use EJB's
>      transaction facility to rollback changes made in Directory server?

We've been using CMP mapping to LDAP inside transactions, and it gets
you where you want (i.e. either saving to both LDAP + DB or not saving
at all). But it doesn't give you any guarantee. The LDAP records can be
overwritten, since LDAP lacks a locking mechanism. If the DB decides to
rollback the transactions after the LDAP has been committed, it's hard
to rollback the LDAP code.

arkin


>
> Thanks for any help.
> --
> shiv
> [EMAIL PROTECTED]
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST".  For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".

--
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org
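
The failure mode described in the answer to question 5, as an added example that is not part of the original message or of any Exoffice code. The two maps are in-memory stand-ins (assumptions) for the directory server and the database, and the `update` method, the `Outcome` enum and the sample addresses are constructed for illustration:

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: in-memory stand-ins, not a real LDAP or JDBC client.
public class DualStoreUpdate {
    // Directory stand-in: writes take effect immediately, no locks, no rollback.
    static final Map<String, String> directory = new HashMap<>();
    // Database stand-in: only written when its transaction commits.
    static final Map<String, String> database = new HashMap<>();

    enum Outcome { COMMITTED, COMPENSATED, CONFLICT }

    /**
     * Writes the directory first, then the database. If the database step
     * fails, the directory write is undone by hand (a compensating write),
     * but only if the entry still holds the value this call wrote.
     */
    static Outcome update(String uid, String mail, boolean dbFails, Runnable concurrentWriter) {
        String before = directory.get(uid);
        directory.put(uid, mail);          // visible to every client at once
        concurrentWriter.run();            // another client may write in this window
        if (!dbFails) {
            database.put(uid, mail);       // database transaction committed
            return Outcome.COMMITTED;
        }
        // The database rolled back; the directory change must be undone manually.
        if (!mail.equals(directory.get(uid))) {
            return Outcome.CONFLICT;       // entry changed underneath us: do not clobber it
        }
        if (before == null) directory.remove(uid); else directory.put(uid, before);
        return Outcome.COMPENSATED;
    }

    public static void main(String[] args) {
        directory.put("tom", "tom@old.example");   // constructed sample data
        database.put("tom", "tom@old.example");

        // Both stores updated.
        System.out.println(update("tom", "tom@new.example", false, () -> {}));
        // Database fails, directory write is compensated.
        System.out.println(update("tom", "tom@x.example", true, () -> {}));
        // Database fails after another client changed the entry: stores now disagree.
        System.out.println(update("tom", "tom@y.example", true,
                () -> directory.put("tom", "tom@other.example")));
        System.out.println("directory=" + directory + " database=" + database);
    }
}
```

The check before the compensating write is itself not atomic, so it narrows the window without closing it; the `CONFLICT` case has to be logged and reconciled out of band.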
