
Is there a Java EE way to change user?

Assume the following method:

Test getTest() throws Exception
{
  Properties props = new Properties();
  props.put(javax.naming.Context.SECURITY_PRINCIPAL, "OtherUser");
  props.put(javax.naming.Context.SECURITY_CREDENTIALS, "OtherPassword");
  InitialContext ic = new InitialContext(props);
  // Narrow the looked-up home to TestHome first, then call create() on it
  return ((TestHome) PortableRemoteObject.narrow(ic.lookup("ejb/Test"),
           TestHome.class)).create();
}

If this method (in an EJB) is called from a client using user "MyUser", I'd like it to return an EJB with a different caller principal. Calls to Test made by the client would then be noted as being from "OtherUser", i.e. I have programmatically changed a client's caller principal for a given EJB.

However, I find no text on this in the Java EE specs and although it works on our current Java EE app-server (Sybase EAS 4.1), I'd like to ask you if this is a Java EE standard approach or not.

A standard way of handling login/logoff is JAAS. I don't know if it's fair to say that it is the standard, but it's supported by the Java EE servers I've worked with so far (JBoss, WebSphere), and apparently also by Sybase EAS.

JBoss, for instance, comes with several predefined login modules for Database and LDAP and whatnot, that you just have to declaratively configure for your application. However, you are also completely free to write your own login module by implementing the respective interface (javax.security.auth.spi.LoginModule).

Take a look at the JAAS Reference Guide.

About your code snippet: I don't know if that'll work on other app servers. This is EJB 1.1, and thus really, really old stuff. You should definitely look at EJB 3.1 and consider modernizing your application anyway.
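An added example, not part of the answers on this page or of any server's code: a minimal custom login module implementing javax.security.auth.spi.LoginModule, as the answer above describes. The class name SingleUserLoginModule and the "user"/"password" module options are assumptions, and the single account read from those options stands in for a real credential store; how a container maps the resulting Subject to the EJB caller principal is server-specific and not shown.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: the class name and the "user"/"password" option names are assumptions.
public class SingleUserLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private Principal pending, committed;  // verified by login(), published by commit()

    @Override public void initialize(Subject subject, CallbackHandler handler,
                                     Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject; this.handler = handler; this.options = options;
    }
    @Override public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot obtain credentials: " + e.getMessage());
        }
        char[] given = pass.getPassword();  // getPassword() returns a copy
        pass.clearPassword();
        // Stand-in credential store: one account taken from the module options.
        String user = (String) options.get("user");
        String secret = (String) options.get("password");
        boolean ok = user != null && secret != null && given != null && user.equals(name.getName())
                && MessageDigest.isEqual(new String(given).getBytes(UTF_8), secret.getBytes(UTF_8));
        if (given != null) Arrays.fill(given, '\0');  // best-effort wipe of our copy
        if (!ok) throw new FailedLoginException("authentication failed");  // same text for bad user or password
        pending = () -> user;  // Principal has a single abstract method, getName()
        return true;
    }
    @Override public boolean commit() {
        if (pending == null) return false;  // login() did not succeed: publish nothing
        committed = pending;
        subject.getPrincipals().add(committed);  // identity becomes visible only at commit
        pending = null; return true;
    }
    @Override public boolean abort() { return (pending != null || committed != null) && logout(); }
    @Override public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        pending = committed = null;
        return true;
    }
}
```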

If I get this right, this should link a username to an EJB across more than one method call, which in my opinion is a state. I guess the standard for this would be to create a Stateful SessionBean with a setUser(String name) method. In a stateless bean you would have to pass the userName (or properties object) on each method call.
