Rickard,

Am I correct in thinking that once a user credential or principal is
passed from a client (Java program or servlet etc.), jBoss will do the
authentication on its own using JAAS?

Also, is it a possibility that a JAAS implementation will do
authentication against an LDAP directory?

Pranab

Rickard Öberg wrote:
> 
> Hi!
> 
> roman seidl wrote:
> > RÖ> JAAS allows us to authenticate the caller. This information can then be
> > RÖ> used to implement the security as defined in the EJB spec.
> > So I could use JAAS to set a rule for a user depending on the object
> > the rule is applied to?
> > Or is it for authentication only?
> 
> JAAS is for authentication. Authorization is done through the EJB-JAR
> XML descriptor.
> 
> > I'd really need a security system that allows granting rights on an
> > instance level. If there are any ideas on how to implement it I'd really
> > like to get to know them.
> 
> Portable: do this in the bean by using info from
> EntityContext.getCallerPrincipal(). Of course you would want to factor
> this functionality out from your normal bean logic. I.e. layer your
> Entity.
> 
> Non-portable: implement it as a jBoss-interceptor. Look at
> org.jboss.ejb.plugins.SecurityInterceptor and do something similar but
> with instance-level authorization. This gives you complete control and
> no need to change beans.
> 
> /Rickard
> 
> --
> Rickard Öberg
> 
> @home: +46 13 177937
> Email: [EMAIL PROTECTED]
> http://www.telkel.com
> http://www.jboss.org
> http://www.dreambean.com
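
The portable approach described in the quoted reply (instance-level checks driven by `EntityContext.getCallerPrincipal()`, factored out of the bean logic), sketched as an added example that is not part of the original thread and is not jBoss code. `InstanceAccessGuard`, its methods, and the in-memory ACL with its sample grant are hypothetical and constructed for illustration; a bean would pass `entityContext.getCallerPrincipal()` and its primary key to `check` before touching instance state.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical instance-level access guard, kept outside the bean's business logic. */
public class InstanceAccessGuard {
    // primary key -> principal name -> granted actions (in-memory; a real store is assumed elsewhere)
    private final Map<Object, Map<String, Set<String>>> acl = new ConcurrentHashMap<>();

    public void grant(Object primaryKey, String principalName, String action) {
        acl.computeIfAbsent(primaryKey, k -> new ConcurrentHashMap<>())
           .computeIfAbsent(principalName, k -> ConcurrentHashMap.newKeySet())
           .add(action);
    }

    /** Deny by default: a null caller, an unknown instance, or a missing grant all fail. */
    public void check(Principal caller, Object primaryKey, String action) {
        if (caller == null || caller.getName() == null) {
            throw new SecurityException("unauthenticated caller");
        }
        Set<String> actions = acl.getOrDefault(primaryKey, Map.of()).get(caller.getName());
        if (actions == null || !actions.contains(action)) {
            throw new SecurityException(
                caller.getName() + " may not " + action + " instance " + primaryKey);
        }
    }

    public static void main(String[] args) {
        InstanceAccessGuard guard = new InstanceAccessGuard();
        guard.grant("order-17", "alice", "read");    // constructed sample grant

        // Stand-ins for the value a bean gets from entityContext.getCallerPrincipal().
        Principal alice = () -> "alice";
        Principal bob = () -> "bob";

        guard.check(alice, "order-17", "read");      // granted on this instance: returns normally
        try {
            guard.check(bob, "order-17", "read");    // same role-level call, no grant on this instance
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```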
