This content has been marked as final. Show 7 replies
I don't see how anybody here can help you with your unknown system. This is not a STAF forUm, or website. Try the people who wrote it.
I wouldn't be assigning a security task to someone 'still a bit raw' myself.
Thank you for your kind and helpful answer.
I don't know if you noticed, but I didn't ask about STAF security - something I am sumpremely well versed in - but about the specifics of JAAS and how one could integrate STAF's security check into the way it happens on Glassfish 3. And perhaps I shouldn't have been so modest about myself, since it only seems to have invited contempt. I am "raw" when it comes to Java EE, but have 25+ years of experience with just about everything else; UNIX (all of them), databases (all of them, including some obscure ones), programming languages (...), etc etc etc.
Again, thank you for your time.
Edited by: janpla on Jun 22, 2012 12:09 AM
A custom login module to do the STAF authentication steps and a CustomPrincipal that contains the STAF handle (assuming the handle is only created once) should do it.1 person found this helpful
The details for how to do these would be in the container's manuals as different containers do these differently.
I don't know if you noticed, but I didn't ask about STAF securityYou asked "is there a way to preserve the STAFHandle for the use of the rest of the application?" If that isn't a STAF question I don't know what is.
have 25+ years of experienceWell done. Some of us have much more.
EJP wrote:Yeah yeah written compilers and have 2 books published. But can you handle a barbeque? Your accolades aren't worth much if you can't at least do that!
Well done. Some of us have much more.
r035198x - thanks a lot for your reply. I know where to look for the information now, so I can go on and solve my problem.
You asked "is there a way to preserve the STAFHandle for the use of the rest of the application?" If that isn't a STAF question I don't know what is.STAFHandle is an object that you get back from the STAF API; what exactly it is, is not relevant, as per the object idiom. And this is not s STAF question - it is a question about whether there is a way to preserve this object, that you have acquired somewhere in the Java EE authentication code, so that it can be seen and used elsewhere in other parts of the application. The answer to this may or may not be blindingly obvious to someone with long experience in Java EE development, but when you are new to it, the best way to learn is by doing and asking, in the hope that there are people around who are kind and patient enough. Fortunately, as it turns out, there were.
Well done. Some of us have much more.Yeah, "you were there when they built Stonehenge" :-)
And it isn't really about dick-waving either; despite my long experience with development, I am not too proud to go and ask the stupid questions. Or perhaps it is because of my experience that I don't mind leting people know that I'm not possessed of divine insight. To my mind teaching is a a duty and a privilege of those with experience.