| |
Sistemi distribuiti: design
-
Forum del Corso
Messaggi del Thread
|
| Autore |
Messaggio |
igor.cappello
|
Thread
Postato:
25 gennaio 2006
Titolo:
security roles in ejb-jar.xml
|
|
|
I'm designing a system in which there are two different types of users (plus the special user Admin). Different types of user can execute different actions, implemented in different stateless beans.
The user's type has to be reflected to the content of the <role-name> tag, if I'm not wrong.
My question is: when running the system, who says "the role-name for this request is typeA" rather than "the role-name for this request is typeB"?
Maybe this is a trivial issue...
Thanks in advance
Igor
|
|
|
afogarolli
|
Postato:
25 gennaio 2006
Titolo:
Re: security roles in ejb-jar.xml
|
|
|
Hi!
if you want to use security roles for securing the right access to the ejb components you must use JAAS technology.
Anyway even if you use roles you still need to do user authentication first and then during this phrase you will associate the role to the user.
For your problem I really don't know if using security roles could be a good design choice, also because usually there are some logical area of the application that you need to access from both normal user and admin, and this colud drive you to an unmanageble situation.
Anyway if you want to use security roles take a look at the JAAS documentation">JAAS documentation for JBoss or just look for JAAS documentation and you will find a lot of examples.
|
|
|
|
igor.cappello
|
Postato:
26 gennaio 2006
Titolo:
Re: security roles in ejb-jar.xml
|
|
|
Thanks for the explanation and the links!
Igor
|
|
|
|
|
|
Back