2 Replies Latest reply on Oct 26, 2004 1:48 PM by Partha McCarthy

    Entity Beans for DatabaseLoginModule

    Partha McCarthy Newbie

      Please excuse me if this has been asked before, but can someone tell me if it is ok to control the Principals and Roles tables (for the DatabaseLoginModule) with entity beans?

      My current application needs to manually change user roles quite often, so it needs to be done through the web. I did a few quick tests and it looks like I can just create a PrincipalBean and RoleBean and everything will work- even with CMP. This would be nice and easy...

      Is there any security problem with this approach? I'm a newbie with all of this, so please be gentile. :) I appreciate your help - this forum rocks!


        • 1. Re: Entity Beans for DatabaseLoginModule
          Scott Stark Master

          The only issue is securing the ejb with the DatabaseLoginModule. Clearly there must be some minimal set of user/roles to allow access to the entity beans modifying the DatabaseLoginModule tables. The only other issue with the scenario you describe is ensuring the authentication cache is flushed when the database roles are changed. It that is needed see:


          • 2. Re: Entity Beans for DatabaseLoginModule
            Partha McCarthy Newbie

            Scott, I thank you very much for your help on this issue!! Your responses on this forum are one of the main reasons I have been able to create a successful jboss application. I'm sure many others are in this boat too...

            Security was so easy to set up this way, I almost feel dirty. :)

            In case anyone wants to know, I'm running only two security entity beans: "Role" and "Principal". I'm using CMR to set up a many to many relationship between them, so there is a "Role_Principal" table in the middle.

            The principalQuery runs off of the "Principal" table.
            The rolesQuery runs off of the middle "Role_Principal" table.

            I just set up a simple session bean to allow creation/changing of users and roles, and everything is working sweetly. Initially, as Scott mentioned, you have to create an administrative account manually. I just set up a quick SQL query to create a password changer account that my users can run on install.

            Thanks again!