J2EE/JAAS: How can I access the JAAS subject object in an EJB?
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Peter_Muckel
Posted On:   Friday, April 2, 2004 10:02 AM

Hello, I try to understand the JAAS integration in J2EE 1.3. I know: J2EE defines a role-based container managed security. There the web container authenticates the user and propagate his identity to the EJB container. In both containers roles authorize the user and control access. Roles, users and their relationship are defined in the realm. JAAS has a more sophisticated policy-based authorisation model. I can define a realm using JAAS having the role-based authorization of the container managed security. My question: How can I access the JAAS subject object in an EJB or servlet to use the policy-based authorization? Thank you for your a   More>>

Hello,

I try to understand the JAAS integration in J2EE 1.3.

I know:

J2EE defines a role-based container managed security. There the web container authenticates the user and propagate his identity to the EJB container. In both containers roles authorize the user and control access. Roles, users and their relationship are defined in the realm.


JAAS has a more sophisticated policy-based authorisation model. I can define a realm using JAAS having the role-based authorization of the container managed security.


My question:

How can I access the JAAS subject object in an EJB or servlet to use the policy-based authorization?


Thank you for your answers


Peter

   <<Less
About | Sitemap | Contact