IggaR wrote:
> Hey all,
>
> I have a security question.
> My project consists of a ejb project with a (RESTful) webservice layer on
> top of it.
> I want to secure this with JAAS using a JDBC realm.
> The configuration isn't al that hard, but I got the message when I logged in
> that the resource isn't available to me, while I do use the proper
> credentials.
> Some searching allowed me to find out that if I filled in the
> <principal-name> in my sun-ejb-jar everything went as it should go.
> However, the project requires a situation where it's free to register, so
> it's impossible to add all the users to the xml file.
>
Yes, it is generally impossible to add all users to xml. So you can do
two things.
1. You can have <role-name> to <group-name> mappings.
2. Or you can use the Canonical mapping :
http://blogs.sun.com/monzillo/date/20071116
If your intent is to allow any valid user (who has logged in
successfully) then you should look at :
http://blogs.sun.com/monzillo/date/20080115
Let us know if that helped.
Thanks.
> Can anyone point me out how I can make this run without using the principal
> names?
>
> Thank you very much
>
>
>