Security for beans in web application

Thread view:

ittay.dror@gmail.com - 18 Jan 2006 14:01 GMT

Hi,

I have POJOs acting as API to the application. How can I implement
authorization? I tried
Subject s = Subject.getSubject(AccessController.getContext());
Set<Principal> ps = s.getPrincipals();
// now i can authorize based on name or whatever

but i get a subject only if the method was called with doAs. But it
seems to me that if this will be my requirement, then just anybody will
call the methods with doAs, passing whatever principal they want.

In short, I'm a newbie in this. I tried to read some material, but i
confess this is very confusing to me.

So how do i get the username to authorize in a secure way?

Thank you,
Ittay

Reply to this Message

IchBin - 18 Jan 2006 16:43 GMT

> Hi,
>
[quoted text clipped - 15 lines]
> Thank you,
> Ittay

Take look at
http://wiki.apache.org/directory/AuthXHome

Signature

Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________

'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)

Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...