You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@tuscany.apache.org by Sun Yang <sy...@gmail.com> on 2008/03/30 17:08:22 UTC
Tuscany client side authentication best practice?
Hi,
I want to know whether Tuscany provide any best practices for client side
(c/s architecture) authentication. Could any one help?
In the EJB world, we could use a stateful session bean to achieve client
side authentication and keep the user authenticated in the same session.
Otherwise, we cannot cache the authentication result in the server side and
have to transfer the credential information in every call.
I am not sure whether there is some kind of best practise to achieve the
same goal as stateful session bean provides? Could I use a ejb client to
connect to the SCA domain with a service backed by a stateful session bean?
Thanks for your help.
Best Regards,
Yang Sun
Re: Tuscany client side authentication best practice?
Posted by Raymond Feng <en...@gmail.com>.
Hi,
If I understand your question correctly, you're looking for a way to keep
some state data (authenticated subject) for SCA components. Please correct
me if otherwise.
The Java implementation type supports all of the scopes defined in the Java
Common Annotations and API Specification: STATELESS, REQUEST, CONVERSATION,
and COMPOSITE. Implementations specify their scope through the use of the
@Scope annotation. For stateless components, you need to pass state data
back and forth like the HTTP cookies. If the scope is COMPOSITE, there will
be one instance for the whole composite. REQUEST for the same request and
CONVERSATION for the same conversation. You can use these component
instances to keep some state data in the given scope.
BTW, SCA uses intents and policySets to support declarative security. You
can find more details at [1]. Are you interested in this perspective too?
Thanks,
Raymond
[1]
http://www.osoa.org/download/attachments/35/SCA_Policy_Framework_V100.pdf?version=1.
--------------------------------------------------
From: "Sun Yang" <sy...@gmail.com>
Sent: Sunday, March 30, 2008 8:08 AM
To: <tu...@ws.apache.org>
Cc: <xg...@msn.com>
Subject: Tuscany client side authentication best practice?
> Hi,
> I want to know whether Tuscany provide any best practices for client side
> (c/s architecture) authentication. Could any one help?
>
> In the EJB world, we could use a stateful session bean to achieve client
> side authentication and keep the user authenticated in the same session.
> Otherwise, we cannot cache the authentication result in the server side
> and
> have to transfer the credential information in every call.
>
> I am not sure whether there is some kind of best practise to achieve the
> same goal as stateful session bean provides? Could I use a ejb client to
> connect to the SCA domain with a service backed by a stateful session
> bean?
>
> Thanks for your help.
>
> Best Regards,
> Yang Sun
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-user-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-user-help@ws.apache.org