Re: Regarding obtaining Identity in Beans without ldap

Wed, 31 May 2000 08:22:03 -0700 

In EJB Specs 1.1, you can assign roles(users and/or groups) to beans and/or
individual bean methods and is pretty cool. You need not write any code to
restrict access, but use the deployment descriptor to set up policies and
catch SecurityException in your code. Look for your EJB Server docs for
implementation details. If you are using weblogic, you can use
LDAP/RDBMS/property files to store realms or use NT/UNIX realms. For
weblogic implementation visit
http://www.weblogic.com/docs51/classdocs/securityguide.html



----- Original Message -----
From: Ravindra Balija <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 31, 2000 10:34 AM
Subject: Regarding obtaining Identity in Beans without ldap


Greetings.
We have an application which requires storing user ids and passwords
along with roles to do authorization and authentication. Since the
implementation is on EJB, the natural way for solving this was to use
ldap provided by the vender's EJB implementation. Due to the reasons
beyond our control we cannot use ldap for this purpose. However there
is a need to use java.security.Identity obtained from EJBContext in
our Entity beans.
Since we cannot use ldap we are planning to store user id, passwords
and  roles information in the backend database. Write some api's to do
authorization and authentication. In this situation, I belive I will
not be able to get the necessary information from the
java.security.Identity.

We are using NAS 4.0 SP2.

Has anybody faced this kind of situation. How to solve this problem?
Pointers, suggestions are highly appreciated.

Thanks with regards,
Ravindra

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST".  For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".

Reply via email to