Ryan Boder
I am fairly new to J2EE and am using JBoss for my app server. I need
to implement the concept of multiple users, like many enterprise
systems do. How is that usually done?
I guess since authorization is outside of the scope of J2EE, it is
usually dependent on the J2EE server, but I'm not sure.
After studying the JBoss docs for a while I have come up with a simple
way that will probably work, but I hope to benefit from others'
experience before I go do it.
I am thinking that I can store usernames and passwords in entity beans
and then create a JAAS LoginModule that checks the beans to see if the
given user and password are correct for authentication. Then I can
make sure the user is allowed to access the bean that contains the
method being called using a JBoss SecurityProxy on the remote
interfaces and storing the owner in each private bean. The security
proxy would make sure the authenticated principal matches the bean
owner before allowing access to the bean.
1. JAAS Login by verifying the given password matches the one in the
user entity bean.
2. Make sure authenticated user matches bean owner for the bean being
called.
I think this will work, but I know that many others have done
multi-user secure apps on JBoss, so please tell me if you know a better or
more common way.
Thanks,
Ryan
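
The two steps described in the post, as an added Java example that is not part of the original post: a JAAS LoginModule for step 1 and a plain owner check for step 2. StoreLoginModule, UserStore and checkOwner are hypothetical names, the store is assumed to hold a salted PBKDF2 hash rather than the password itself, and the JBoss SecurityProxy wiring that would call checkOwner is left out.

```java
import java.security.*;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class StoreLoginModule implements LoginModule {
    /** Hypothetical stand-in for looking up the user entity bean. */
    public interface UserStore { byte[] salt(String user); byte[] hash(String user); }
    public static volatile UserStore store;   // assumption: set once at deployment
    private Subject subject; private CallbackHandler handler; private Principal user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }

    /** Step 1: compare a salted PBKDF2 hash of the given password with the stored one. */
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { nc, pc }); }
        catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        final String name = nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        byte[] salt = (name == null) ? null : store.salt(name);   // null: unknown user
        if (pw == null || salt == null || !MessageDigest.isEqual(derive(pw, salt), store.hash(name)))
            throw new FailedLoginException("bad credentials");   // same message for every failure
        user = () -> name;   // Principal has a single abstract method, getName()
        return true;
    }
    static byte[] derive(char[] pw, byte[] salt) throws LoginException {
        try {   // iteration count and key length are example values
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 100_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) { throw new LoginException(e.toString()); }
    }
    public boolean commit() { return user != null && subject.getPrincipals().add(user); }
    public boolean abort()  { user = null; return true; }
    public boolean logout() { if (user != null) subject.getPrincipals().remove(user); user = null; return true; }

    /** Step 2: the authenticated principal must match the owner stored in the bean. */
    public static void checkOwner(Principal caller, String beanOwner) {
        if (caller == null || !caller.getName().equals(beanOwner))
            throw new SecurityException("caller is not the bean owner");
    }
}
```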