J2ee Security on web application
Posted on 2004-04-09
I think my question is very basic, nevertheless I have searched on the web and have not been able to come up with a satisfying solution for my problem. I might be searching on the wrong keywords or I might be looking for something that is never done the way I want to, so here goes..
I'm working on an intranet application in a J2EE environment (JBoss appserver), mainly using EJBs and servlets. I want to set up the EJB security using the regular J2EE role based mechanism. However, I want the actual users of my application to reside in a Database table, each one mapped to one or more roles defined in the J2EE security.
The idea is, a user logs into the application using a servlet and probably a EBJ. Now, somehow I have to let JBoss know what roles (i.e. what EJB rights) this logged in user has, so JBoss knows what methods/EJB this user may or may not invoke.
Now, how can I do this last part? How can I map a username (not known to JBoss itself) to a role JBoss can authorize?
Thanks in advance ;)