1. Webapps are web clients, not application clients. Webapps should therefore
use the security mechanisms provided by the J2EE specs, i.e. you define the
realm and roles to use in the web.xml and jboss-web.xml.
JAAS and the servlet container do the rest. The security context is
automatically prop
One more newbie question :)
4. Does JAAS (or some other JBoss security mechanism) allow for "owner"
permissions, like if I am a "Customer", I can only modify my "Address", etc.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3907206#3907206
The annotations seem to get rid of a lot of XML that I see with EJB2.1 based
security configuration examples. I have a few additional questions...
1. Would the client code be much different if it was a web app (war file
running in JBoss)?
2. As for the "conf/login-config.xml", it looks like I ca
Your session bean:
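import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.annotation.security.SecurityDomain; // JBoss 4.x package; later releases moved it

@SecurityDomain("mydomain")
@Stateless
@Remote({ITestBean.class})
public class TestBean implements ITestBean {
    // Not declared in the posted snippet: the container injects the session context
    @Resource private SessionContext sc;

    @RolesAllowed("myrole") // only callers in "myrole" may invoke this method
    public String accessPermitted() {
        return sc.getCallerPrincipal().getName();
    }
}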
Define the security domain in conf/login-conf