geronimo-dev mailing list archives

From David Jencks <>
Subject How is app client to ejb security supposed to work?
Date Sat, 07 Apr 2007 17:14:09 GMT
I can't figure out how javaee app client to ejb security is supposed  
to work (and I have some evidence it isn't).

What I'd expect is that:

- you log into the app client, resulting in a Subject in the  
ContextManager.  This subject would have to include a private  
credential that stores the password.
- when you call an ejb, the ejb client code consults the  
ContextManager to see if there's a subject, and if so looks for a  
private credential and if present gets the client identity from  
openejb and uses it in the call.  It could stash the client identity  
in the subject so it didn't have to log in again.

What (if anything) is currently implemented?  If nothing is, and the  
above looks plausible, where does this hook up to openejb, and what  
would I have to implement/modify?

david jencks
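
The flow proposed in the message above, as an added sketch that is not part of the original post and is not Geronimo or OpenEJB code. It uses only the standard JAAS `Subject` API; `PasswordCredential`, `ClientIdentity` and `ServerAuthenticator` are hypothetical names, the ContextManager lookup is replaced by passing the current `Subject` as a parameter, and the password is a constructed sample.

```java
import java.util.Arrays;
import java.util.Set;
import javax.security.auth.Subject;

public class AppClientSubjectFlow {
    // Hypothetical private credential holding the password captured at app client login.
    static final class PasswordCredential {
        final String user; final char[] password;
        PasswordCredential(String user, char[] password) { this.user = user; this.password = password.clone(); }
    }
    // Hypothetical stand-in for the client identity handed back by the EJB server.
    static final class ClientIdentity { final String token; ClientIdentity(String t) { token = t; } }
    // Hypothetical stand-in for the server-side authentication call.
    interface ServerAuthenticator { ClientIdentity authenticate(String user, char[] password); }

    // Step 1: login yields a Subject whose private credentials include the password.
    static Subject login(String user, char[] password) {
        Subject s = new Subject();
        s.getPrivateCredentials().add(new PasswordCredential(user, password));
        return s;
    }

    // Step 2: before an EJB call, reuse a cached identity or authenticate once and stash the result.
    static ClientIdentity identityForCall(Subject current, ServerAuthenticator server) {
        if (current == null) return null;                 // nobody logged in: no identity to send
        Set<ClientIdentity> cached = current.getPrivateCredentials(ClientIdentity.class);
        if (!cached.isEmpty()) return cached.iterator().next();
        Set<PasswordCredential> pcs = current.getPrivateCredentials(PasswordCredential.class);
        if (pcs.isEmpty()) return null;                   // Subject carries no usable credential
        PasswordCredential pc = pcs.iterator().next();
        char[] pw = pc.password.clone();                  // working copy, wiped after use
        try {
            ClientIdentity id = server.authenticate(pc.user, pw);
            current.getPrivateCredentials().add(id);      // stash so later calls skip the login
            return id;
        } finally {
            Arrays.fill(pw, '\0');
        }
    }

    public static void main(String[] args) {
        int[] logins = {0};                               // counts server-side authentications
        ServerAuthenticator server = (u, p) -> { logins[0]++; return new ClientIdentity("id-for-" + u); };
        Subject subject = login("alice", "constructed-password".toCharArray());
        ClientIdentity first = identityForCall(subject, server);
        ClientIdentity second = identityForCall(subject, server);
        System.out.println(first.token + " reused=" + (first == second) + " serverLogins=" + logins[0]);
    }
}
```

Keeping the password in the `Subject` for the life of the session means any code that can read that Subject's private credentials can recover it, so a real implementation would restrict that access (for example with `PrivateCredentialPermission` under a security manager).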
