geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: Custom EJB Security
Date Sun, 03 Dec 2006 01:08:17 GMT
The SecurityProxy is a JBoss proprietary feature that Geronimo  
doesn't support.  At the moment we don't have anything directly  
comparable implemented.

Starting with j2ee 1.4 the "official" way to implement security  
dependent on the ejb method calls is to do it in a JACC provider.  In  
a JACC provider you can use the ejb method call in the determination  
of whether to grant an ejb permission to a caller.  I suspect we  
could write a JACC provider that delegated to something like the  
JBoss SecurityProxy.  When considering this before I was thinking  
more in terms of a rule engine, but certainly just writing code is  
simpler :-)

Would you be interested in working on an implementation of this?  I'm  
interested but currently short of time, but I'd be happy to discuss  
how to do it with you.

thanks
david jencks

On Dec 2, 2006, at 10:39 AM, Diego L Espiñeira wrote:

> Hi!
> I'm in the process to migrate to Geronimo an application originally
> build for JBoss.
> This application uses custom EJB security through implementing the
> org.jboss.security.SecurityProxy interface. How could this be done  
> with
> Geronimo. The reasons I've approached this issue that way and not the
> facade bean using isUserInRole are the tight integration with the
> application server architecture and that of this way I can write neat
> and more maintainable code.
>
> PD: sorry, my English sucks.
>
> Thanks in advance.
>
> __________________________________________________
> Correo Yahoo!
> Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
> ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar


Mime
View raw message