Hi, I am trying to learn how JBoss security and JAAS would work together within my application which will be a Rich Client communicating with EJBs in JBoss (EJB3). I am new to JavaEE so I apologise in advance if I use the wrong terminology or don't explain the problem very well. (BTW: should I be posting to the newbie forum?)
I understand that my rich client can use JAAS to log in to a JBoss application server using a LoginModule. Once the user is authenticated, it is possible to use security roles in the EJB code to ensure proper authorisation, like this:

    if (ctx.isCallerInRole("admin")) {
        // access resource
    }

What I also need is similar code in the Rich Client. As a simple example, I want to enable an "Admin" menu if the user is in the admin role. I assume I must use JAAS directly here - doAsPrivileged() maybe? Even if doAsPrivileged() is the correct way to do it, due to the following article (http://today.java.net/pub/a/today/2006/09/14/using-jaas-in-ee-and-soa.html) I am concerned that there will be unmanageable inconsistencies. Given my requirements and the concerns regarding JAAS and JavaEE integration, maybe a custom authorization mechanism would be better?

At the moment, I am very confused about how JAAS and JavaEE integrate together. I would be able to answer some of these questions myself by prototyping my scenario, but my company isn't at that stage yet and I need to provide some words on this! Any help would be appreciated.

Thank you,
Paul Drummond

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973223#3973223
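
The client-side check asked about above, as an added sketch in plain JAAS (Java 16+); it is not code from the post and not JBoss's own login modules. `RolePrincipal`, `DemoLoginModule` and the `roles` option are hypothetical names. The check only decides what the UI shows, so the server-side `isCallerInRole` test must remain the actual authorisation decision.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class ClientRoleCheck {
    // Hypothetical principal type: one instance per role name (assumption, not a JBoss class).
    public record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Constructed stand-in for a real LoginModule: performs no credential check and
    // grants the roles listed in its "roles" option, so the example runs offline.
    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        private String[] roles;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            subject = s;
            roles = ((String) options.get("roles")).split(",");
        }
        public boolean login() { return true; }
        public boolean commit() {
            for (String r : roles) subject.getPrincipals().add(new RolePrincipal(r));
            return true;
        }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // UI-only decision: a modified client can flip this result, so the EJB must still enforce the role.
    static boolean isInRole(Subject subject, String role) {
        return subject.getPrincipals(RolePrincipal.class).contains(new RolePrincipal(role));
    }

    public static void main(String[] args) throws LoginException {
        // In-memory JAAS configuration, so no login config file is needed for the sketch.
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Map.of("roles", "user,admin")) };
            }
        };
        LoginContext lc = new LoginContext("rich-client", new Subject(), null, cfg);
        lc.login();
        System.out.println("Admin menu enabled: " + isInRole(lc.getSubject(), "admin"));
        System.out.println("Audit menu enabled: " + isInRole(lc.getSubject(), "auditor"));
    }
}
```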